diff options
author | Kuan-Ting Chen <h3xrabbit@gmail.com> | 2023-05-19 23:00:24 +0900 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-06-09 10:34:28 +0200 |
commit | 4f303c0b9d5dcfefddf4e4e088462519f162c078 (patch) | |
tree | 0ce3f7d190a1efa5c2fe668f3300ee734dcb7039 /crypto | |
parent | 522a9417f64908b5d4938fac3d0f831e65e4f933 (diff) | |
download | linux-4f303c0b9d5dcfefddf4e4e088462519f162c078.tar.gz |
ksmbd: fix multiple out-of-bounds read during context decoding
commit 0512a5f89e1fae74251fde6893ff634f1c96c6fb upstream. Check the remaining data length before accessing the context structure to ensure that the entire structure is contained within the packet. Additionally, since the context data length `ctxt_len` has already been checked against the total packet length `len_of_ctxts`, update the comparison to use `ctxt_len`. Cc: stable@vger.kernel.org Signed-off-by: Kuan-Ting Chen <h3xrabbit@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'crypto')
0 files changed, 0 insertions, 0 deletions