lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAKYAXd9B2zLEfxWKfCGEEgBPA91N=fUR_7zDmntv=Bp0zD_7wg@mail.gmail.com>
Date: Thu, 22 Jan 2026 13:39:09 +0900
From: Namjae Jeon <linkinjeon@...nel.org>
To: Kery Qi <qikeyu2017@...il.com>
Cc: smfrench@...il.com, senozhatsky@...omium.org, tom@...pey.com, 
	mmakassikis@...ebox.fr, linux-cifs@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ksmbd: validate DataOffset in smb2_write_pipe()

On Thu, Jan 22, 2026 at 11:10 AM Kery Qi <qikeyu2017@...il.com> wrote:
>
> The check of DataOffset in smb2_write_pipe() is insufficient. If
> DataOffset is 0 or smaller than offsetof(struct smb2_write_req, Buffer),
> data_buf will point to the SMB2 header instead of the actual data
> buffer, leading to out-of-bounds read.
How can out-of-bounds occur when the previous checks ensure that the
length does not exceed the request buffer?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ