cifs: modefromsid: make room for 4 ACE

when mounting with modefromsid, we end up writing 4 ACE in a security descriptor that only has room for 3, thus triggering an out-of-bounds write. fix this by changing the min size of a security descriptor. Signed-off-by: N Aurelien Aptel <aaptel@suse.com> Signed-off-by: N Steve French <stfrench@microsoft.com>

cifs: modefromsid: make room for 4 ACE
when mounting with modefromsid, we end up writing 4 ACE in a security descriptor that only has room for 3, thus triggering an out-of-bounds write. fix this by changing the min size of a security descriptor. Signed-off-by: N Aurelien Aptel <aaptel@suse.com> Signed-off-by: N Steve French <stfrench@microsoft.com>
0892ba69 · Aurelien Aptel · Steve French · 2255397c · 0892ba69
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

fs/cifs/cifsacl.h fs/cifs/cifsacl.h +1 -1

未找到文件。
--- a/fs/cifs/cifsacl.h
+++ b/fs/cifs/cifsacl.h
@@ -45,7 +45,7 @@
 */
 #define DEFAULT_SEC_DESC_LEN (sizeof(struct cifs_ntsd) + \
 			      sizeof(struct cifs_acl) + \
-			      (sizeof(struct cifs_ace) * 3))
+			      (sizeof(struct cifs_ace) * 4))

 /*
 * Maximum size of a string representation of a SID: