mirrors
/
deepin-kernel
mirror of https://github.com/deepin-community/kernel.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ksmbd: Use unsafe_memcpy() for ntlm_negotiate 

commit dfd046d0ce upstream.

rsp buffer is allocated larger than spnego_blob from
smb2_allocate_rsp_buf().

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 107a48df3f942c49f9e0a96aaec96e7c6e89d8ff)
This commit is contained in:
Namjae Jeon 2024-08-15 08:56:35 +09:00 committed by Wentao Guan
parent a2c95dd7eb
commit 16f5a62770
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
fs/smb/server/smb2pdu.c
View File

@ -1380,7 +1380,8 @@ static int ntlm_negotiate(struct ksmbd_work *work,
}
sz = le16_to_cpu(rsp->SecurityBufferOffset);
memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len);
unsafe_memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len,
/* alloc is larger than blob, see smb2_allocate_rsp_buf() */);
rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len);
out:
@ -1463,7 +1464,9 @@ static int ntlm_authenticate(struct ksmbd_work *work,
return -ENOMEM;
sz = le16_to_cpu(rsp->SecurityBufferOffset);
memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len);
unsafe_memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob,
spnego_blob_len,
/* alloc is larger than blob, see smb2_allocate_rsp_buf() */);
rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len);
kfree(spnego_blob);
}