tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

smb: client: Add check for next_buffer in receive_encrypted_standard()

Add check for the return value of cifs_buf_get() and cifs_small_buf_get()
in receive_encrypted_standard() to prevent null pointer dereference.

Fixes: eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()")
Cc: stable@vger.kernel.org
Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

authored by Haoxiang Li and committed by Steve French 860ca5e5 e9a8cac0

options
unified split
Changed files
+4
fs
smb
client
smb2ops.c
+4
fs/smb/client/smb2ops.c
··· 4965 4965 next_buffer = (char *)cifs_buf_get(); 4966 4966 else 4967 4967 next_buffer = (char *)cifs_small_buf_get(); 4968 + if (!next_buffer) { 4969 + cifs_server_dbg(VFS, "No memory for (large) SMB response\n"); 4970 + return -1; 4971 + } 4968 4972 memcpy(next_buffer, buf + next_cmd, pdu_length - next_cmd); 4969 4973 } 4970 4974