| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH2r5mt=oHJRjB6Mo_fE46yB-bkXgc2J-cq-eWv1OKPo3z5z3g@mail.gmail.com>
Date: Wed, 19 Feb 2025 23:34:13 -0600
From: Steve French <smfrench@...il.com>
To: Haoxiang Li <haoxiang_li2024@....com>
Cc: sfrench@...ba.org, pc@...guebit.com, ronniesahlberg@...il.com,
sprasad@...rosoft.com, tom@...pey.com, bharathsm@...rosoft.com,
linux-cifs@...r.kernel.org, samba-technical@...ts.samba.org,
linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] smb: client: Add check for next_buffer in receive_encrypted_standard()
merged into cifs-2.6.git for-next pending additional review and testing
On Mon, Feb 17, 2025 at 1:22 AM Haoxiang Li <haoxiang_li2024@....com> wrote:
>
> Add check for the return value of cifs_buf_get() and cifs_small_buf_get()
> in receive_encrypted_standard() to prevent null pointer dereference.
>
> Fixes: eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()")
> Cc: stable@...r.kernel.org
> Signed-off-by: Haoxiang Li <haoxiang_li2024@....com>
> ---
> fs/smb/client/smb2ops.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
> index ec36bed54b0b..2ca8fe196051 100644
> --- a/fs/smb/client/smb2ops.c
> +++ b/fs/smb/client/smb2ops.c
> @@ -4964,6 +4964,10 @@ receive_encrypted_standard(struct TCP_Server_Info *server,
> next_buffer = (char *)cifs_buf_get();
> else
> next_buffer = (char *)cifs_small_buf_get();
> + if (!next_buffer) {
> + cifs_server_dbg(VFS, "No memory for (large) SMB response\n");
> + return -1;
> + }
> memcpy(next_buffer, buf + next_cmd, pdu_length - next_cmd);
> }
>
> --
> 2.25.1
>
>
--
Thanks,
Steve
Powered by blists - more mailing lists