mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-24 12:44:11 +08:00
79ed288cef
There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffset of current smb2_ea_info. ksmbd need to validate buffer length Before accessing the next ea. ksmbd should check buffer length using buf_len, not next variable. next is the start offset of current ea that got from previous ea. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21598 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> |
||
|---|---|---|
| .. | ||
| mgmt | ||
| asn1.c | ||
| asn1.h | ||
| auth.c | ||
| auth.h | ||
| connection.c | ||
| connection.h | ||
| crypto_ctx.c | ||
| crypto_ctx.h | ||
| glob.h | ||
| Kconfig | ||
| ksmbd_netlink.h | ||
| ksmbd_spnego_negtokeninit.asn1 | ||
| ksmbd_spnego_negtokentarg.asn1 | ||
| ksmbd_work.c | ||
| ksmbd_work.h | ||
| Makefile | ||
| misc.c | ||
| misc.h | ||
| ndr.c | ||
| ndr.h | ||
| nterr.h | ||
| ntlmssp.h | ||
| oplock.c | ||
| oplock.h | ||
| server.c | ||
| server.h | ||
| smb2misc.c | ||
| smb2ops.c | ||
| smb2pdu.c | ||
| smb2pdu.h | ||
| smb_common.c | ||
| smb_common.h | ||
| smbacl.c | ||
| smbacl.h | ||
| smbfsctl.h | ||
| smbstatus.h | ||
| transport_ipc.c | ||
| transport_ipc.h | ||
| transport_rdma.c | ||
| transport_rdma.h | ||
| transport_tcp.c | ||
| transport_tcp.h | ||
| unicode.c | ||
| unicode.h | ||
| uniupr.h | ||
| vfs_cache.c | ||
| vfs_cache.h | ||
| vfs.c | ||
| vfs.h | ||
| xattr.h | ||