linux/fs/cifs
Jerome Marchand b8da344b74 cifs: dynamic allocation of ntlmssp blob
In sess_auth_rawntlmssp_authenticate(), the ntlmssp blob is allocated
statically and its size is an "empirical" 5*sizeof(struct
_AUTHENTICATE_MESSAGE) (320B on x86_64). I don't know where this value
comes from or if it was ever appropriate, but it is currently
insufficient: the user and domain name in UTF16 could take 1kB by
themselves. Because of that, build_ntlmssp_auth_blob() might corrupt
memory (out-of-bounds write). The size of ntlmssp_blob in
SMB2_sess_setup() is too small too (sizeof(struct _NEGOTIATE_MESSAGE)
+ 500).

This patch allocates the blob dynamically in
build_ntlmssp_auth_blob().

Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org>
2016-06-23 23:45:07 -05:00
asn1.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
cache.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
cifs_debug.c lib: update single-char callers of strtobool() 2016-03-17 15:09:34 -07:00
cifs_debug.h lib: update single-char callers of strtobool() 2016-03-17 15:09:34 -07:00
cifs_dfs_ref.c cifs: remove any preceding delimiter from prefix_path 2016-05-17 14:09:33 -05:00
cifs_fs_sb.h Allow conversion of characters in Mac remap range. Part 1 2014-10-16 15:20:20 -05:00
cifs_ioctl.h Add way to query server fs info for smb3 2015-08-20 10:19:25 -05:00
cifs_spnego.c cifs: Create dedicated keyring for spnego operations 2016-05-19 21:56:30 -05:00
cifs_spnego.h
cifs_unicode.c Fix to convert SURROGATE PAIR 2015-05-20 13:12:51 -05:00
cifs_unicode.h Remap reserved posix characters by default (part 3/3) 2014-10-16 15:20:20 -05:00
cifs_uniupr.h
cifsacl.c KEYS: Add a facility to restrict new links into a keyring 2016-04-11 22:37:37 +01:00
cifsacl.h cifs: fix SID binary to string conversion 2012-12-11 11:48:49 -06:00
cifsencrypt.c cifs: merge the hash calculation helpers 2016-03-28 14:05:27 -04:00
cifsfs.c cifs: stuff the fl_owner into "pid" field in the lock request 2016-06-23 23:44:44 -05:00
cifsfs.h Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 2016-05-18 10:01:47 -07:00
cifsglob.h cifs: stuff the fl_owner into "pid" field in the lock request 2016-06-23 23:44:44 -05:00
cifspdu.h Add way to query server fs info for smb3 2015-08-20 10:19:25 -05:00
cifsproto.h cifs: Create dedicated keyring for spnego operations 2016-05-19 21:56:30 -05:00
cifssmb.c Merge branch 'sendmsg.cifs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-05-18 10:17:56 -07:00
connect.c Merge branch 'sendmsg.cifs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-05-18 10:17:56 -07:00
dir.c Fix that several functions handle incorrect value of mapchars 2015-05-10 19:56:35 -05:00
dns_resolve.c cifs: fix composing of mount options for DFS referrals 2013-05-24 13:08:31 -05:00
dns_resolve.h
export.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
file.c cifs: stuff the fl_owner into "pid" field in the lock request 2016-06-23 23:44:44 -05:00
fscache.c NFS client updates for Linux 3.13 2013-11-08 05:57:46 +09:00
fscache.h CIFS: FS-Cache: Uncache unread pages in cifs_readpages() before freeing them 2013-09-18 10:17:03 -05:00
inode.c Merge getxattr prototype change into work.lookups 2016-05-02 19:45:47 -04:00
ioctl.c vfs: pull btrfs clone API to vfs layer 2015-12-07 23:11:33 -05:00
Kconfig Allow parsing vers=3.11 on cifs mount 2015-06-27 20:23:32 -07:00
link.c switch ->get_link() to delayed_call, kill ->put_link() 2015-12-30 13:01:03 -05:00
Makefile cifs: Switch to generic xattr handlers 2016-04-23 15:33:03 -04:00
misc.c Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this. 2016-01-14 14:29:42 -06:00
netmisc.c Fix signed/unsigned pointer warning 2014-12-14 14:55:57 -06:00
nterr.c CIFS: Rename 7 error codes to NT_ style 2012-07-24 10:25:10 -05:00
nterr.h CIFS: Rename 7 error codes to NT_ style 2012-07-24 10:25:10 -05:00
ntlmssp.h cifs: dynamic allocation of ntlmssp blob 2016-06-23 23:45:07 -05:00
readdir.c cifs: Use file_dentry() 2016-05-17 14:09:33 -05:00
rfc1002pdu.h
sess.c cifs: dynamic allocation of ntlmssp blob 2016-06-23 23:45:07 -05:00
smb1ops.c Fix that several functions handle incorrect value of mapchars 2015-05-10 19:56:35 -05:00
smb2file.c Add resilienthandles mount parm 2015-11-03 10:10:36 -06:00
smb2glob.h remove directory incorrectly tries to set delete on close on non-empty directories 2016-05-17 14:09:44 -05:00
smb2inode.c remove directory incorrectly tries to set delete on close on non-empty directories 2016-05-17 14:09:44 -05:00
smb2maperror.c Fix problem recognizing symlinks 2014-10-02 14:10:04 -05:00
smb2misc.c Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this. 2016-01-14 14:29:42 -06:00
smb2ops.c Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this. 2016-01-14 14:29:42 -06:00
smb2pdu.c cifs: dynamic allocation of ntlmssp blob 2016-06-23 23:45:07 -05:00
smb2pdu.h Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this. 2016-01-14 14:29:42 -06:00
smb2proto.h remove directory incorrectly tries to set delete on close on non-empty directories 2016-05-17 14:09:44 -05:00
smb2status.h CIFS: Add SMB2 status codes 2012-07-24 10:25:13 -05:00
smb2transport.c cifs: merge the hash calculation helpers 2016-03-28 14:05:27 -04:00
smbencrypt.c cifs: Use skcipher 2016-01-27 20:35:53 +08:00
smberr.h
smbfsctl.h [SMB3] Send durable handle v2 contexts when use of persistent handles required 2015-11-03 09:26:27 -06:00
transport.c cifs: quit playing games with draining iovecs 2016-03-28 14:05:32 -04:00
winucase.c [CIFS] quiet sparse compile warning 2013-09-08 14:54:24 -05:00
xattr.c switch xattr_handler->set() to passing dentry and inode separately 2016-05-27 15:39:43 -04:00