hamza.kesraoui/sst-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ksmbd: validate zero num_subauth before sub_auth is accessed

Browse Source 
commit bf21e29d78cd2c2371023953d9c82dfef82ebb36 upstream.

Access psid->sub_auth[psid->num_subauth - 1] without checking
if num_subauth is non-zero leads to an out-of-bounds read.
This patch adds a validation step to ensure num_subauth != 0
before sub_auth is accessed.

Cc: stable@vger.kernel.org
Signed-off-by: Norbert Szetei <norbert@doyensec.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Norbert Szetei 2025-03-29 16:06:01 +00:00 committed by Greg Kroah-Hartman
parent 596407adb9
commit 3ac65de111
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
fs/smb/server/smbacl.c
View File

@ -270,6 +270,11 @@ static int sid_to_id(struct user_namespace *user_ns,
return -EIO; return -EIO;
} }
if (psid->num_subauth == 0) {
pr_err("%s: zero subauthorities!\n", __func__);
return -EIO;
}
if (sidtype == SIDOWNER) { if (sidtype == SIDOWNER) {
kuid_t uid; kuid_t uid;
uid_t id; uid_t id;