ksmbd: fix out of bounds read in smb2_sess_setup
mainline inclusion from mainline-v6.5-rc1 commit 98422bdd4cb3ca4d08844046f6507d7ec2c2b8d8 category: bugfix bugzilla: 189112, https://gitee.com/openeuler/kernel/issues/I7SVRC CVE: CVE-2023-3867 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=98422bdd4cb3ca4d08844046f6507d7ec2c2b8d8 ---------------------------------------------------------------------- ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first payload in the smb2_sess_setup(). Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21355 Signed-off-by: NNamjae Jeon <linkinjeon@kernel.org> Signed-off-by: NSteve French <stfrench@microsoft.com> Signed-off-by: NLi Nan <linan122@huawei.com> (cherry picked from commit 6a896802)
Showing
想要评论请 注册 或 登录