git.samba.org / sfrench / cifs-2.6.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b769949) | patch
staging: ncpfs: memory corruption in ncp_read_kernel()
authorDan Carpenter <dan.carpenter@oracle.com>
Mon, 19 Mar 2018 11:07:45 +0000 (14:07 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 19 Mar 2018 15:31:39 +0000 (16:31 +0100)
commit4c41aa24baa4ed338241d05494f2c595c885af8f
tree66e40138eae73dd94f4da1d9c2081992599c132etree
parentb769949981fb2f3201d42ecf66b4116861a8e998commit | diff
staging: ncpfs: memory corruption in ncp_read_kernel()

If the server is malicious then *bytes_read could be larger than the
size of the "target" buffer.  It would lead to memory corruption when we
do the memcpy().

Reported-by: Dr Silvio Cesare of InfoSect <Silvio Cesare <silvio.cesare@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/ncpfs/ncplib_kernel.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.