Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3845c736 authored by Dan Carpenter's avatar Dan Carpenter Committed by Greg Kroah-Hartman
Browse files

cifs: integer overflow in in SMB2_ioctl() 



commit 2d204ee9 upstream

The "le32_to_cpu(rsp->OutputOffset) + *plen" addition can overflow and
wrap around to a smaller value which looks like it would lead to an
information leak.

Fixes: 4a72dafa ("SMB2 FSCTL and IOCTL worker function")
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
Reviewed-by: default avatarAurelien Aptel <aaptel@suse.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 0d9b5136
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment