| Message ID | 20180802143952.16735-1-aaptel@suse.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [1/1] CIFS: fix uninitialized ptr deref in smb2 signing | expand |
Reviewed-by: Paulo Alcantara <palcantara@suse.com> On August 2, 2018 11:39:52 AM GMT-03:00, Aurelien Aptel <aaptel@suse.com> wrote: >server->secmech.sdeschmacsha256 is not properly initialized before >smb2_shash_allocate(), set shash after that call. > >also fix typo in error message > >Fixes: 8de8c4608fe9 ("cifs: Fix validation of signed data in smb2") > >Signed-off-by: Aurelien Aptel <aaptel@suse.com> >--- > fs/cifs/smb2transport.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c >index 719d55e63d88..bf61c3774830 100644 >--- a/fs/cifs/smb2transport.c >+++ b/fs/cifs/smb2transport.c >@@ -173,7 +173,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct >TCP_Server_Info *server) > struct kvec *iov = rqst->rq_iov; > struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base; > struct cifs_ses *ses; >- struct shash_desc *shash = &server->secmech.sdeschmacsha256->shash; >+ struct shash_desc *shash; > struct smb_rqst drqst; > > ses = smb2_find_smb_ses(server, shdr->SessionId); >@@ -187,7 +187,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct >TCP_Server_Info *server) > > rc = smb2_crypto_shash_allocate(server); > if (rc) { >- cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__); >+ cifs_dbg(VFS, "%s: sha256 alloc failed\n", __func__); > return rc; > } > >@@ -198,6 +198,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct >TCP_Server_Info *server) > return rc; > } > >+ shash = &server->secmech.sdeschmacsha256->shash; > rc = crypto_shash_init(shash); > if (rc) { > cifs_dbg(VFS, "%s: Could not init sha256", __func__); >-- >2.13.7 > >-- >To unsubscribe from this list: send the line "unsubscribe linux-cifs" >in >the body of a message to majordomo@vger.kernel.org >More majordomo info at http://vger.kernel.org/majordomo-info.html
Merged into cifs-2.6.git for-next and added cc:stable On Thu, Aug 2, 2018 at 9:50 AM Paulo Alcantara <paulo@paulo.ac> wrote: > > Reviewed-by: Paulo Alcantara <palcantara@suse.com> > > On August 2, 2018 11:39:52 AM GMT-03:00, Aurelien Aptel <aaptel@suse.com> wrote: >> >> server->secmech.sdeschmacsha256 is not properly initialized before >> smb2_shash_allocate(), set shash after that call. >> >> also fix typo in error message >> >> Fixes: 8de8c4608fe9 ("cifs: Fix validation of signed data in smb2") >> >> Signed-off-by: Aurelien Aptel <aaptel@suse.com> >> --- >> fs/cifs/smb2transport.c | 5 +++-- >> 1 file changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c >> index 719d55e63d88..bf61c3774830 100644 >> --- a/fs/cifs/smb2transport.c >> +++ b/fs/cifs/smb2transport.c >> @@ -173,7 +173,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) >> struct kvec *iov = rqst->rq_iov; >> struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base; >> struct cifs_ses *ses; >> - struct shash_desc *shash = &server->secmech.sdeschmacsha256->shash; >> + struct shash_desc *shash; >> struct smb_rqst drqst; >> >> ses = smb2_find_smb_ses(server, shdr->SessionId); >> @@ -187,7 +187,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) >> >> rc = smb2_crypto_shash_allocate(server); >> if (rc) { >> - cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__); >> + cifs_dbg(VFS, "%s: sha256 alloc failed\n", __func__); >> return rc; >> } >> >> @@ -198,6 +198,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) >> return rc; >> } >> >> + shash = &server->secmech.sdeschmacsha256->shash; >> rc = crypto_shash_init(shash); >> if (rc) { >> cifs_dbg(VFS, "%s: Could not init sha256", __func__); > > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity.
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c index 719d55e63d88..bf61c3774830 100644 --- a/fs/cifs/smb2transport.c +++ b/fs/cifs/smb2transport.c @@ -173,7 +173,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) struct kvec *iov = rqst->rq_iov; struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base; struct cifs_ses *ses; - struct shash_desc *shash = &server->secmech.sdeschmacsha256->shash; + struct shash_desc *shash; struct smb_rqst drqst; ses = smb2_find_smb_ses(server, shdr->SessionId); @@ -187,7 +187,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) rc = smb2_crypto_shash_allocate(server); if (rc) { - cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__); + cifs_dbg(VFS, "%s: sha256 alloc failed\n", __func__); return rc; } @@ -198,6 +198,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) return rc; } + shash = &server->secmech.sdeschmacsha256->shash; rc = crypto_shash_init(shash); if (rc) { cifs_dbg(VFS, "%s: Could not init sha256", __func__);
server->secmech.sdeschmacsha256 is not properly initialized before smb2_shash_allocate(), set shash after that call. also fix typo in error message Fixes: 8de8c4608fe9 ("cifs: Fix validation of signed data in smb2") Signed-off-by: Aurelien Aptel <aaptel@suse.com> --- fs/cifs/smb2transport.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)