diff options
author | Aurelien Aptel <aaptel@suse.com> | 2019-09-16 04:28:36 +0200 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2019-09-16 18:43:38 +0200 |
commit | 0892ba693f304ce3e9ca1f0a64a5cfc051454996 (patch) | |
tree | 59678f1b7714176901261169a26f5a01ac90e4a2 | |
parent | smb3: fix potential null dereference in decrypt offload (diff) | |
download | linux-0892ba693f304ce3e9ca1f0a64a5cfc051454996.tar.xz linux-0892ba693f304ce3e9ca1f0a64a5cfc051454996.zip |
cifs: modefromsid: make room for 4 ACE
when mounting with modefromsid, we end up writing 4 ACE in a security
descriptor that only has room for 3, thus triggering an out-of-bounds
write. fix this by changing the min size of a security descriptor.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
-rw-r--r-- | fs/cifs/cifsacl.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h index dd95a6fa24bf..eb428349f29a 100644 --- a/fs/cifs/cifsacl.h +++ b/fs/cifs/cifsacl.h @@ -45,7 +45,7 @@ */ #define DEFAULT_SEC_DESC_LEN (sizeof(struct cifs_ntsd) + \ sizeof(struct cifs_acl) + \ - (sizeof(struct cifs_ace) * 3)) + (sizeof(struct cifs_ace) * 4)) /* * Maximum size of a string representation of a SID: |