Skip to content

Commit

Permalink
ksmbd: validate zero num_subauth before sub_auth is accessed
Browse files Browse the repository at this point in the history 
Access psid->sub_auth[psid->num_subauth - 1] without checking
if num_subauth is non-zero leads to an out-of-bounds read.
This patch adds a validation step to ensure num_subauth != 0
before sub_auth is accessed.

Cc: stable@vger.kernel.org
Signed-off-by: Norbert Szetei <norbert@doyensec.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
  • Loading branch information
Norbert Szetei authored and Steve French committed Apr 1, 2025
1 parent beff0bc commit bf21e29
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions fs/smb/server/smbacl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -270,6 +270,11 @@ static int sid_to_id(struct mnt_idmap *idmap,
return -EIO;
}

if (psid->num_subauth == 0) {
pr_err("%s: zero subauthorities!\n", __func__);
return -EIO;
}

if (sidtype == SIDOWNER) {
kuid_t uid;
uid_t id;
Expand Down

0 comments on commit bf21e29

Please sign in to comment.