| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250217072038.2311858-1-haoxiang_li2024@163.com>
Date: Mon, 17 Feb 2025 15:20:38 +0800
From: Haoxiang Li <haoxiang_li2024@....com>
To: sfrench@...ba.org,
pc@...guebit.com,
ronniesahlberg@...il.com,
sprasad@...rosoft.com,
tom@...pey.com,
bharathsm@...rosoft.com
Cc: linux-cifs@...r.kernel.org,
samba-technical@...ts.samba.org,
linux-kernel@...r.kernel.org,
Haoxiang Li <haoxiang_li2024@....com>,
stable@...r.kernel.org
Subject: [PATCH] smb: client: Add check for next_buffer in receive_encrypted_standard()
Add check for the return value of cifs_buf_get() and cifs_small_buf_get()
in receive_encrypted_standard() to prevent null pointer dereference.
Fixes: eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()")
Cc: stable@...r.kernel.org
Signed-off-by: Haoxiang Li <haoxiang_li2024@....com>
---
fs/smb/client/smb2ops.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index ec36bed54b0b..2ca8fe196051 100644
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -4964,6 +4964,10 @@ receive_encrypted_standard(struct TCP_Server_Info *server,
next_buffer = (char *)cifs_buf_get();
else
next_buffer = (char *)cifs_small_buf_get();
+ if (!next_buffer) {
+ cifs_server_dbg(VFS, "No memory for (large) SMB response\n");
+ return -1;
+ }
memcpy(next_buffer, buf + next_cmd, pdu_length - next_cmd);
}
--
2.25.1
Powered by blists - more mailing lists