Message-ID: <CAH2r5mvu5wTcgoR-EeXLcoZOvhEiMR0Lfmwt6gd1J1wvtTLDHA@mail.gmail.com>
Date:   Sun, 19 Sep 2021 09:22:31 -0500
From:   Steve French <smfrench@...il.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     CIFS <linux-cifs@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] ksmbd server security fixes

Please pull the following changes since commit
bf9f243f23e6623f310ba03fbb14e10ec3a61290:

  Merge tag '5.15-rc-ksmbd-part2' of git://git.samba.org/ksmbd
(2021-09-09 16:17:14 -0700)

are available in the Git repository at:

  git://git.samba.org/ksmbd.git tags/5.15-rc1-ksmbd

for you to fetch changes up to 6d56262c3d224699b29b9bb6b4ace8bab7d692c2:

  ksmbd: add validation for FILE_FULL_EA_INFORMATION of smb2_get_info
(2021-09-18 10:51:38 -0500)

----------------------------------------------------------------
3 ksmbd fixes: including an important security fix for path
processing, and a missing buffer overflow check, and a trivial fix for
incorrect header inclusion

There are three additional patches (and also a patch to improve
symlink checks) for other buffer overflow cases that are being
reviewed and tested.

Regression test results:
http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com/#/builders/8/builds/67
and
https://app.travis-ci.com/github/namjaejeon/ksmbd/builds/237919800
----------------------------------------------------------------
Hyunchul Lee (1):
      ksmbd: prevent out of share access

Mike Galbraith (1):
      ksmbd: transport_rdma: Don't include rwlock.h directly

Namjae Jeon (1):
      ksmbd: add validation for FILE_FULL_EA_INFORMATION of smb2_get_info

 fs/ksmbd/misc.c           | 76 +++++++++++++++++++++++++++++++++++++++++------
 fs/ksmbd/misc.h           |  3 +-
 fs/ksmbd/smb2pdu.c        | 18 +++++++----
 fs/ksmbd/transport_rdma.c |  1 -
 4 files changed, 81 insertions(+), 17 deletions(-)


-- 
Thanks,

Steve
