cifs: integer overflow in in SMB2_ioctl() - linux

diff options

author	Dan Carpenter <dan.carpenter@oracle.com>	2018-09-10 13:12:07 +0200
committer	Steve French <stfrench@microsoft.com>	2018-09-12 16:32:07 +0200
commit	2d204ee9d671327915260071c19350d84344e096 (patch)
tree	d1ef8c358f51282c7fc382be90af5662872ac882 /certs
parent	CIFS: fix wrapping bugs in num_entries() (diff)
download	linux-2d204ee9d671327915260071c19350d84344e096.tar.xz linux-2d204ee9d671327915260071c19350d84344e096.zip

cifs: integer overflow in in SMB2_ioctl()

The "le32_to_cpu(rsp->OutputOffset) + *plen" addition can overflow and wrap around to a smaller value which looks like it would lead to an information leak. Fixes: 4a72dafa19ba ("SMB2 FSCTL and IOCTL worker function") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Aurelien Aptel <aaptel@suse.com> CC: Stable <stable@vger.kernel.org>

Diffstat (limited to 'certs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: