OSDN Git Service

(root) / android-x86 / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6565bd3) | patch
cifs: integer overflow in in SMB2_ioctl()
authorDan Carpenter <dan.carpenter@oracle.com>
Mon, 10 Sep 2018 11:12:07 +0000 (14:12 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 26 Sep 2018 06:39:34 +0000 (08:39 +0200)
commitf63dbd23e8a7d1d342c6dbe7033039326da2a5ed
treeaac557e142cd5258074b2bc6fd36ee8d40ec009ctree | snapshot
parent6565bd3e63d393fecf9d549dac20b1889810e02fcommit | diff
cifs: integer overflow in in SMB2_ioctl()

commit 2d204ee9d671327915260071c19350d84344e096 upstream.

The "le32_to_cpu(rsp->OutputOffset) + *plen" addition can overflow and
wrap around to a smaller value which looks like it would lead to an
information leak.

Fixes: 4a72dafa19ba ("SMB2 FSCTL and IOCTL worker function")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/cifs/smb2pdu.c diff | blob | history
kernel
About OSDN
Find Software
Develop Software
Help