I am withdrawing the current series of patches submitted with subject "Backport Fixes to 5.15.y" to branch 5.15.y, as they had the wrong branch information in the subject line. The correct branch information will be included in the subject line and I will resend the patches shortly. I apologize for any confusion caused.
Guru
On Sun, Feb 11, 2024 at 2:25 AM Guruswamy Basavaiah guruswamy.basavaiah@broadcom.com wrote:
The subject lines for patch 2/3 and patch 3/3 incorrectly mentioned "5.10.y" instead of the intended "5.15.y." These patches are intended for the 5.15.y branch, not the 5.10.y branch.
On Sun, Feb 11, 2024 at 1:43 AM Guruswamy Basavaiah guruswamy.basavaiah@broadcom.com wrote:
Here are the three backported patches aimed at addressing a potential crash and an actual crash.
Patch 1 Fix potential OOB access in receive_encrypted_standard() if server returned a large shdr->NextCommand in cifs.
Patch 2 fix validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts().
Patch 3 fix issue in patch 2.
The original patches were authored by Paulo Alcantara pc@manguebit.com. Original Patches:
- eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()")
- af1689a9b770 ("smb: client: fix potential OOBs in smb2_parse_contexts()")
- 76025cc2285d ("smb: client: fix parsing of SMB3.1.1 POSIX create context")
Please review and consider applying these patches.
https://lore.kernel.org/all/2023121834-semisoft-snarl-49ad@gregkh/
fs/cifs/smb2ops.c | 4 +++- fs/cifs/smb2pdu.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------- fs/cifs/smb2proto.h | 12 +++++++----- 3 files changed, 66 insertions(+), 43 deletions(-)