twx-linux/fs/smb/client
Joshua Rogers 4012abe8a7 smb: client: validate change notify buffer before copy

SMB2_change_notify called smb2_validate_iov() but ignored the return
code, then kmemdup()ed using server-provided OutputBufferOffset/Length.

Check the return of smb2_validate_iov() and bail out on error.

Discovered with help from the ZeroPath security tooling.

Signed-off-by: Joshua Rogers <linux@joshua.hu>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Cc: stable@vger.kernel.org
Fixes: e3e9463414f61 ("smb3: improve SMB3 change notification support")
Signed-off-by: Steve French <stfrench@microsoft.com>
2025-11-07 10:15:43 -06:00
compress move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
asn1.c smb3: add support for IAKerb 2025-01-31 12:51:44 -06:00
cached_dir.c smb: client: fix potential UAF in smb2_close_cached_fid() 2025-11-04 08:53:28 -06:00
cached_dir.h smb: client: remove cfids_invalidation_worker 2025-10-09 11:18:09 -05:00
cifs_debug.c smb: client: account smb directory cache usage and per-tcon totals 2025-10-01 21:49:53 -05:00
cifs_debug.h
cifs_fs_sb.h smb:client: smb: client: Add reverse mapping from tcon to superblocks 2025-03-31 21:12:31 -05:00
cifs_ioctl.h smb: minor fix to use SMB2_NTLMV2_SESSKEY_SIZE for auth_key size 2025-06-21 11:03:25 -05:00
cifs_spnego_negtokeninit.asn1
cifs_spnego.c smb: client: Return a status code only as a constant in cifs_spnego_key_instantiate() 2025-10-07 11:12:19 -05:00
cifs_spnego.h
cifs_swn.c smb: client: Return directly after a failed genlmsg_new() in cifs_swn_send_register_message() 2025-10-07 14:28:16 -05:00
cifs_swn.h
cifs_unicode.c cifs: prevent NULL pointer dereference in UTF16 conversion 2025-09-04 11:43:31 -05:00
cifs_unicode.h
cifsacl.c smb: client: Return a status code only as a constant in sid_to_id() 2025-10-13 08:26:22 -05:00
cifsacl.h smb: client: Correct typos in multiple comments across various files 2024-10-02 17:52:24 -05:00
cifsencrypt.c smb: client: Remove obsolete crypto_shash allocations 2025-10-15 22:10:28 -05:00
cifsfs.c cifs: fix typo in enable_gcm_256 module parameter 2025-10-26 18:59:36 -05:00
cifsfs.h cifs: update internal version number 2025-10-10 11:10:01 -05:00
cifsglob.h cifs: Call the calc_signature functions directly 2025-10-23 02:47:20 -05:00
cifspdu.h cifs: Correctly set SMB1 SessionKey field in Session Setup Request 2025-06-01 20:43:49 -05:00
cifsproto.h smb: client: handle lack of IPC in dfs_cache_refresh() 2025-10-29 20:13:05 -05:00
cifsroot.c
cifssmb.c cifs: Add a couple of missing smb3_rw_credits tracepoints 2025-10-20 16:48:05 -05:00
cifstransport.c smb: client: fix mid_q_entry memleak leak with per-mid locking 2025-08-13 11:36:05 -05:00
compress.c cifs: Fix collect_sample() to handle any iterator type 2025-08-11 23:20:07 -05:00
compress.h smb: client: compress: LZ77 code improvements cleanup 2024-09-15 10:42:45 -05:00
connect.c smb: client: call smbd_destroy() in the same splace as kernel_sock_shutdown()/sock_release() 2025-10-29 20:13:13 -05:00
dfs_cache.c smb: client: handle lack of IPC in dfs_cache_refresh() 2025-10-29 20:13:05 -05:00
dfs_cache.h
dfs.c smb: client: don't trust DFSREF_STORAGE_SERVER bit 2025-02-05 21:09:00 -06:00
dfs.h smb: client: get rid of kstrdup() in get_ses_refpath() 2025-02-05 21:09:07 -06:00
dir.c smb: client: Use common code in cifs_do_create() 2025-10-07 13:31:27 -05:00
dns_resolve.c smb: client: provide dns_resolve_{unc,name} helpers 2025-01-19 19:34:00 -06:00
dns_resolve.h smb: client: provide dns_resolve_{unc,name} helpers 2025-01-19 19:34:00 -06:00
export.c
file.c smb: client: remove redudant assignment in cifs_strict_fsync() 2025-10-09 11:16:25 -05:00
fs_context.c 16 smb3 client fixes 2025-10-03 14:13:23 -07:00
fs_context.h smb: client: set symlink type as native for POSIX mounts 2025-08-01 00:16:19 -05:00
fscache.c
fscache.h
inode.c smb: client: get rid of d_drop() in cifs_do_rename() 2025-10-23 02:46:50 -05:00
ioctl.c smb: minor fix to use SMB2_NTLMV2_SESSKEY_SIZE for auth_key size 2025-06-21 11:03:25 -05:00
Kconfig smb: client: Remove obsolete crypto_shash allocations 2025-10-15 22:10:28 -05:00
link.c smb: client: Use MD5 library for M-F symlink hashing 2025-10-15 22:10:28 -05:00
Makefile cifs: Move the SMB1 transport code out of transport.c 2025-08-06 12:01:54 -05:00
misc.c cifs: parse_dfs_referrals: prevent oob on malformed input 2025-10-15 22:10:28 -05:00
namespace.c 13 smb3/cifs client fixes 2025-06-03 16:04:29 -07:00
netlink.c
netlink.h
netmisc.c cifs: Change translation of STATUS_PRIVILEGE_NOT_HELD to -EPERM 2025-01-29 16:52:25 -06:00
nterr.c cifs: Change translation of STATUS_NOT_A_REPARSE_POINT to -ENODATA 2025-01-26 23:12:03 -06:00
nterr.h cifs: Change translation of STATUS_NOT_A_REPARSE_POINT to -ENODATA 2025-01-26 23:12:03 -06:00
ntlmssp.h
readdir.c smb: client: account smb directory cache usage and per-tcon totals 2025-10-01 21:49:53 -05:00
reparse.c smb: client: fix spellings in comments 2025-09-02 20:37:17 -05:00
reparse.h cifs: Add support for creating reparse points over SMB1 2025-07-27 17:43:08 -05:00
rfc1002pdu.h cifs: Fix endian types in struct rfc1002_session_packet 2025-01-19 19:34:00 -06:00
sess.c smb: client: Consolidate cmac(aes) shash allocation 2025-10-15 22:10:28 -05:00
smb1ops.c cifs: Add fallback code path for cifs_mkdir_setinfo() 2025-10-09 23:01:24 -05:00
smb2file.c cifs: Do not add FILE_READ_ATTRIBUTES when using GENERIC_READ/EXECUTE/ALL 2025-04-01 04:58:09 -05:00
smb2glob.h smb: client: fix data loss due to broken rename(2) 2025-09-09 18:39:58 -05:00
smb2inode.c smb: client: fix refcount leak in smb2_set_path_attr 2025-11-04 16:03:56 -06:00
smb2maperror.c cifs: Change translation of STATUS_PRIVILEGE_NOT_HELD to -EPERM 2025-01-29 16:52:25 -06:00
smb2misc.c smb: client: Use SHA-512 library for SMB3.1.1 preauth hash 2025-10-15 22:10:28 -05:00
smb2ops.c smb: client: fix potential cfid UAF in smb2_query_info_compound 2025-10-28 08:41:36 -05:00
smb2pdu.c smb: client: validate change notify buffer before copy 2025-11-07 10:15:43 -06:00
smb2pdu.h smb: client: batch SRV_COPYCHUNK entries to cut round trips 2025-10-09 10:42:14 -05:00
smb2proto.h cifs: Call the calc_signature functions directly 2025-10-23 02:47:20 -05:00
smb2transport.c cifs: Call the calc_signature functions directly 2025-10-23 02:47:20 -05:00
smbdirect.c Seven ksmbd server fixes 2025-10-24 18:50:15 -07:00
smbdirect.h smb: client: change smbd_deregister_mr() to return void 2025-10-13 08:26:22 -05:00
smbencrypt.c
smberr.h
trace.c cifs: #include cifsglob.h before trace.h to allow structs in tracepoints 2025-10-23 02:47:20 -05:00
trace.h smb: client: batch SRV_COPYCHUNK entries to cut round trips 2025-10-09 10:42:14 -05:00
transport.c smb: client: transport: minor indentation style fix 2025-10-01 22:25:25 -05:00
unc.c
winucase.c
xattr.c smb: client: Omit one redundant variable assignment in cifs_xattr_set() 2025-10-13 08:26:22 -05:00