Correction: The subject line in my previous message erroneously stated "5.10.y" in patch 2/3 and 3/3, instead of the correct "5.15.y." Sending again after correction.
Here are the three backported patches aimed at addressing a potential crash and an actual crash.
Patch 1 Fix potential OOB access in receive_encrypted_standard() if server returned a large shdr->NextCommand in cifs.
Patch 2 fix validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts().
Patch 3 fix issue in patch 2.
The original patches were authored by Paulo Alcantara pc@manguebit.com. Original Patches: 1. eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()") 2. af1689a9b770 ("smb: client: fix potential OOBs in smb2_parse_contexts()") 3. 76025cc2285d ("smb: client: fix parsing of SMB3.1.1 POSIX create context")
Please review and consider applying these patches.
https://lore.kernel.org/all/2023121834-semisoft-snarl-49ad@gregkh/
fs/cifs/smb2ops.c | 4 +++- fs/cifs/smb2pdu.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------- fs/cifs/smb2proto.h | 12 +++++++----- 3 files changed, 66 insertions(+), 43 deletions(-)