lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAH2r5muSHRKyEq8tuivVSAvDW4ko37UVrKNAfNSveDy09mP=Hg@mail.gmail.com>
Date:   Wed, 26 Jul 2023 01:17:12 -0500
From:   Steve French <smfrench@...il.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Namjae Jeon <linkinjeon@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        CIFS <linux-cifs@...r.kernel.org>
Subject: [GIT PULL] ksmbd server fixes

Please pull the following changes since commit
06c2afb862f9da8dc5efa4b6076a0e48c3fbaaa5:

  Linux 6.5-rc1 (2023-07-09 13:53:13 -0700)

are available in the Git repository at:

  git://git.samba.org/ksmbd.git tags/6.5-rc3-ksmbd-server-fixes

for you to fetch changes up to 536bb492d39bb6c080c92f31e8a55fe9934f452b:

  ksmbd: fix out of bounds in init_smb2_rsp_hdr() (2023-07-23 10:25:11 -0500)

----------------------------------------------------------------
Six ksmbd server fixes including for stable, and four reported by ZDI
- fixes for two possible out of bounds access (in negotiate, and in decrypt msg)
- fix unsigned compared to zero warning
- fix path lookup crossing a mountpoint
- fix case when first compound request is a tree connect
- fix memory leak if reads are compounded

----------------------------------------------------------------
Namjae Jeon (5):
      ksmbd: check if a mount point is crossed during path lookup
      ksmbd: fix out of bounds in smb3_decrypt_req()
      ksmbd: validate session id and tree id in compound request
      ksmbd: no response from compound read
      ksmbd: fix out of bounds in init_smb2_rsp_hdr()

Wang Ming (1):
      ksmbd: Fix unsigned expression compared with zero

 fs/smb/server/ksmbd_netlink.h |  3 ++-
 fs/smb/server/server.c        |  7 ++++++-
 fs/smb/server/smb2pdu.c       | 47
+++++++++++++++++++++++++++------------------
 fs/smb/server/smb_common.c    | 19 +++++++++++--------
 fs/smb/server/smb_common.h    |  2 +-
 fs/smb/server/vfs.c           | 65
++++++++++++++++++++++++++++++++++++---------------------------
 fs/smb/server/vfs.h           |  4 ++--
 7 files changed, 88 insertions(+), 59 deletions(-)

-- 
Thanks,

Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ