lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon,  3 Sep 2018 18:55:51 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable@...r.kernel.org, Aurelien Aptel <aaptel@...e.com>,
        Paulo Alcantara <palcantara@...e.com>,
        Xiaoli Feng <xifeng@...hat.com>,
        Steve French <stfrench@...rosoft.com>
Subject: [PATCH 4.18 007/123] CIFS: fix uninitialized ptr deref in smb2 signing

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Aurelien Aptel <aaptel@...e.com>

commit a5c62f4833c2c8e6e0f35367b99b717b78f5c029 upstream.

server->secmech.sdeschmacsha256 is not properly initialized before
smb2_shash_allocate(), set shash after that call.

also fix typo in error message

Fixes: 8de8c4608fe9 ("cifs: Fix validation of signed data in smb2")

Signed-off-by: Aurelien Aptel <aaptel@...e.com>
Reviewed-by: Paulo Alcantara <palcantara@...e.com>
Reported-by: Xiaoli Feng <xifeng@...hat.com>
Signed-off-by: Steve French <stfrench@...rosoft.com>
CC: Stable <stable@...r.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

---
 fs/cifs/smb2transport.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -173,7 +173,7 @@ smb2_calc_signature(struct smb_rqst *rqs
 	struct kvec *iov = rqst->rq_iov;
 	struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
 	struct cifs_ses *ses;
-	struct shash_desc *shash = &server->secmech.sdeschmacsha256->shash;
+	struct shash_desc *shash;
 	struct smb_rqst drqst;
 
 	ses = smb2_find_smb_ses(server, shdr->SessionId);
@@ -187,7 +187,7 @@ smb2_calc_signature(struct smb_rqst *rqs
 
 	rc = smb2_crypto_shash_allocate(server);
 	if (rc) {
-		cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__);
+		cifs_dbg(VFS, "%s: sha256 alloc failed\n", __func__);
 		return rc;
 	}
 
@@ -198,6 +198,7 @@ smb2_calc_signature(struct smb_rqst *rqs
 		return rc;
 	}
 
+	shash = &server->secmech.sdeschmacsha256->shash;
 	rc = crypto_shash_init(shash);
 	if (rc) {
 		cifs_dbg(VFS, "%s: Could not init sha256", __func__);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ