lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAH2r5muy3GtTQPoaVXiD_tU-cG4FAQk4SCmmiR8vS4_pWvPanw@mail.gmail.com>
Date:   Fri, 1 Oct 2021 23:14:41 -0500
From:   Steve French <smfrench@...il.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        CIFS <linux-cifs@...r.kernel.org>
Subject: [GIT PULL] ksmbd server security fixes

Please pull the following changes since commit
5816b3e6577eaa676ceb00a848f0fd65fe2adc29:

  Linux 5.15-rc3 (2021-09-26 14:08:19 -0700)

are available in the Git repository at:

  git://git.samba.org/ksmbd.git tags/5.15-rc3-ksmbd-fixes

for you to fetch changes up to 87ffb310d5e8a441721a9d04dfa7c90cd9da3916:

  ksmbd: missing check for NULL in convert_to_nt_pathname()
(2021-09-30 20:00:05 -0500)

----------------------------------------------------------------
Eleven fixes for the ksmbd kernel server, mostly security related:
- an important fix for disabling weak NTLMv1 authentication
- seven security (improved buffer overflow checks) fixes
- fix for wrong infolevel struct used in some getattr/setattr paths
- two small documentation fixes

Regression test results from Linux client to current ksmbd:
http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com/#/builders/8/builds/76
----------------------------------------------------------------
Dan Carpenter (1):
      ksmbd: missing check for NULL in convert_to_nt_pathname()

Enzo Matsumiya (1):
      ksmbd: fix documentation for 2 functions

Hyunchul Lee (1):
      ksmbd: add buffer validation for SMB2_CREATE_CONTEXT

Namjae Jeon (7):
      ksmbd: fix invalid request buffer access in compound
      MAINTAINERS: rename cifs_common to smbfs_common in cifs and ksmbd entry
      ksmbd: remove NTLMv1 authentication
      ksmbd: use correct basic info level in set_file_basic_info()
      ksmbd: add request buffer validation in smb2_set_info
      ksmbd: add validation in smb2 negotiate
      ksmbd: fix transform header validation

Ronnie Sahlberg (1):
      ksmbd: remove RFC1002 check in smb2 request

 MAINTAINERS              |   4 +-
 fs/ksmbd/auth.c          | 205 -------------------------------------
 fs/ksmbd/crypto_ctx.c    |  16 ---
 fs/ksmbd/crypto_ctx.h    |   8 --
 fs/ksmbd/misc.c          |  17 ++--
 fs/ksmbd/oplock.c        |  41 ++++++--
 fs/ksmbd/smb2pdu.c       | 256 ++++++++++++++++++++++++++++++++++++-----------
 fs/ksmbd/smb2pdu.h       |   9 ++
 fs/ksmbd/smb_common.c    |  47 +++++----
 fs/ksmbd/smb_common.h    |   8 --
 fs/ksmbd/smbacl.c        |  21 +++-
 fs/ksmbd/transport_tcp.c |   4 +-
 12 files changed, 294 insertions(+), 342 deletions(-)

-- 
Thanks,

Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ