lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 23 Oct 2021 10:06:41 -0500 From: Steve French <smfrench@...il.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Namjae Jeon <linkinjeon@...nel.org>, CIFS <linux-cifs@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org> Subject: [GIT PULL] ksmbd fixes Please pull the following changes since commit 64570fbc14f8d7cb3fe3995f20e26bc25ce4b2cc: Linux 5.15-rc5 (2021-10-10 17:01:59 -0700) are available in the Git repository at: git://git.samba.org/ksmbd.git tags/5.15-rc6-ksmbd-fixes for you to fetch changes up to 0d994cd482ee4e8e851388a70869beee51be1c54: ksmbd: add buffer validation in session setup (2021-10-20 00:07:10 -0500) ---------------------------------------------------------------- Ten fixes for the ksmbd kernel server: - a security improvement to session establishment to reduce the possibility of dictionary attacks - fix to ensure that maximum i/o size negotiated in the protocol is not less than 64K and not more than 8MB to better match expected behavior - fix for crediting (flow control) important to properly verify that sufficient credits are available for the requested operation - seven additional buffer overflow, buffer validation checks Regression test results for current linux-next: http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com/#/builders/8/builds/89 ---------------------------------------------------------------- Hyunchul Lee (3): ksmbd: improve credits management ksmbd: add buffer validation for smb direct ksmbd: validate OutputBufferLength of QUERY_DIR, QUERY_INFO, IOCTL requests Marios Makassikis (1): ksmbd: add buffer validation in session setup Namjae Jeon (5): ksmbd: add validation in smb2_ioctl ksmbd: fix potencial 32bit overflow from data area check in smb2_write ksmbd: validate compound response buffer ksmbd: limit read/write/trans buffer size not to exceed 8MB ksmbd: throttle session setup failures to avoid dictionary attacks Ralph Boehme (1): ksmbd: validate credit charge after validating SMB2 PDU body size fs/ksmbd/auth.c | 16 +- fs/ksmbd/connection.c | 2 + fs/ksmbd/ksmbd_netlink.h | 2 + fs/ksmbd/mgmt/user_config.c | 2 +- fs/ksmbd/mgmt/user_config.h | 1 + fs/ksmbd/smb2misc.c | 55 ++++--- fs/ksmbd/smb2ops.c | 3 + fs/ksmbd/smb2pdu.c | 346 ++++++++++++++++++++++++++++--------------- fs/ksmbd/smb2pdu.h | 2 + fs/ksmbd/transport_ipc.c | 3 +- fs/ksmbd/transport_ipc.h | 2 +- fs/ksmbd/transport_rdma.c | 21 ++- fs/ksmbd/vfs.c | 2 +- fs/ksmbd/vfs.h | 2 +- 14 files changed, 306 insertions(+), 153 deletions(-) -- Thanks, Steve
Powered by blists - more mailing lists