The subject lines for patch 2/3 and patch 3/3 incorrectly mentioned "5.10.y" instead of the intended "5.15.y." These patches are intended for the 5.15.y branch, not the 5.10.y branch.
On Sun, Feb 11, 2024 at 1:43 AM Guruswamy Basavaiah <guruswamy.basavaiah@broadcom.com> wrote:
Here are the three backported patches aimed at addressing a potential crash and an actual crash.
Patch 1: Fix potential OOB access in receive_encrypted_standard() if server returned a large shdr->NextCommand in cifs.
Patch 2: Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts().
Patch 3: Fix issue in patch 2.
The original patches were authored by Paulo Alcantara <pc@manguebit.com>. Original Patches:
- eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()")
- af1689a9b770 ("smb: client: fix potential OOBs in smb2_parse_contexts()")
- 76025cc2285d ("smb: client: fix parsing of SMB3.1.1 POSIX create context")
Please review and consider applying these patches.
https://lore.kernel.org/all/2023121834-semisoft-snarl-49ad@gregkh/
fs/cifs/smb2ops.c | 4 +++-
fs/cifs/smb2pdu.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------------
fs/cifs/smb2proto.h | 12 +++++++-----
3 files changed, 66 insertions(+), 43 deletions(-)