Message-ID: <CAKYAXd_nhyS1JF++OEM38TyM7-5KYG1OwV+WRAkf2G+2R+at+A@mail.gmail.com>
Date:   Tue, 2 May 2023 23:51:48 +0900
From:   Namjae Jeon <linkinjeon@...nel.org>
To:     張智諺 <cc85nod@...il.com>
Cc:     sfrench@...ba.org, senozhatsky@...omium.org, tom@...pey.com,
        linux-cifs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ksmbd: fix null-ptr-deref in smb2_get_info_filesystem

2023-05-02 17:30 GMT+09:00, 張智諺 <cc85nod@...il.com>:
> Sorry, I forgot to add the curly brackets; I will resend a new commit.
This issue was reported and it's already been fixed.

Thanks.
>
> Pumpkin <cc85nod@...il.com> wrote on Tue, May 2, 2023 at 4:03 PM:
>
>> We do not assign a path for those shares which have the KSMBD_SHARE_FLAG_PIPE
>> flag, so we need to check if path is NULL before using it.
>>
>> [    8.067958] ==================================================================
>> [    8.068413] BUG: KASAN: null-ptr-deref in strlen+0xa/0x40
>> [    8.068747] Read of size 1 at addr 0000000000000000 by task kworker/0:2/45
>> ...
>> [    8.070638] Call Trace:
>> [    8.070797]  <TASK>
>> [    8.070931]  dump_stack_lvl+0x33/0x50
>> [    8.071351]  kasan_report+0xae/0xe0
>> [    8.071766]  strlen+0xa/0x40
>> [    8.071948]  getname_kernel+0x10/0x1a0
>> [    8.072182]  kern_path+0x10/0x40
>> [    8.072385]  smb2_get_info_filesystem+0xf9/0xc70
>> [    8.076519]  smb2_query_info+0x36b/0x1fd0
>> [    8.079913]  handle_ksmbd_work+0x274/0x810
>> [    8.080165]  process_one_work+0x419/0x760
>> [    8.080421]  worker_thread+0x2a2/0x6f0
>> [    8.080916]  kthread+0x160/0x190
>> [    8.081423]  ret_from_fork+0x1f/0x30
>> [    8.081648]  </TASK>
>>
>> Signed-off-by: Pumpkin <cc85nod@...il.com>
>> ---
>>  fs/ksmbd/smb2pdu.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
>> index aa823b13d..798b193cf 100644
>> --- a/fs/ksmbd/smb2pdu.c
>> +++ b/fs/ksmbd/smb2pdu.c
>> @@ -4906,6 +4906,9 @@ static int smb2_get_info_filesystem(struct
>> ksmbd_work *work,
>>         int rc = 0, len;
>>         int fs_infoclass_size = 0;
>>
>> +       if (share->path == NULL)
>> +               return -EIO;
>> +
>>         rc = kern_path(share->path, LOOKUP_NO_SYMLINKS, &path);
>>         if (rc) {
>>                 pr_err("cannot create vfs path\n");
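
Review bot: The added check at the top of smb2_get_info_filesystem() returns -EIO with no comment saying when share->path can be NULL; the commit message ties it to shares carrying KSMBD_SHARE_FLAG_PIPE, and a one-line comment above the check would keep that reasoning next to the code. Kernel coding style prefers "if (!share->path)" over the explicit "== NULL" comparison. -EIO also suggests a storage failure, while the condition here is a filesystem query that does not apply to a pipe share, so it is worth confirming that the value the caller (smb2_query_info() in the trace) hands back to the client is the intended one, or picking an error such as -EOPNOTSUPP that describes the case. Placing the check before kern_path() is consistent with the trace, where the fault is in strlen() under getname_kernel(). The patch has no Fixes: tag; adding one would help it reach stable trees.
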
>> --
>> 2.39.2 (Apple Git-143)
>>
>>
>
