3ac65de111
commit bf21e29d78cd2c2371023953d9c82dfef82ebb36 upstream. Access psid->sub_auth[psid->num_subauth - 1] without checking if num_subauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure num_subauth != 0 before sub_auth is accessed. Cc: stable@vger.kernel.org Signed-off-by: Norbert Szetei <norbert@doyensec.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| mgmt | ||
| asn1.c | ||
| asn1.h | ||
| auth.c | ||
| auth.h | ||
| connection.c | ||
| connection.h | ||
| crypto_ctx.c | ||
| crypto_ctx.h | ||
| glob.h | ||
| Kconfig | ||
| ksmbd_netlink.h | ||
| ksmbd_spnego_negtokeninit.asn1 | ||
| ksmbd_spnego_negtokentarg.asn1 | ||
| ksmbd_work.c | ||
| ksmbd_work.h | ||
| Makefile | ||
| misc.c | ||
| misc.h | ||
| ndr.c | ||
| ndr.h | ||
| nterr.h | ||
| ntlmssp.h | ||
| oplock.c | ||
| oplock.h | ||
| server.c | ||
| server.h | ||
| smb2misc.c | ||
| smb2ops.c | ||
| smb2pdu.c | ||
| smb2pdu.h | ||
| smb_common.c | ||
| smb_common.h | ||
| smbacl.c | ||
| smbacl.h | ||
| smbfsctl.h | ||
| smbstatus.h | ||
| transport_ipc.c | ||
| transport_ipc.h | ||
| transport_rdma.c | ||
| transport_rdma.h | ||
| transport_tcp.c | ||
| transport_tcp.h | ||
| unicode.c | ||
| unicode.h | ||
| uniupr.h | ||
| vfs_cache.c | ||
| vfs_cache.h | ||
| vfs.c | ||
| vfs.h | ||
| xattr.h | ||