Commit 06a02544 authored by Norbert Szetei, committed by Steve French

ksmbd: align aux_payload_buf to avoid OOB reads in cryptographic operations



The aux_payload_buf allocation in SMB2 read is performed without ensuring
alignment, which could result in out-of-bounds (OOB) reads during
cryptographic operations such as crypto_xor or ghash. This patch aligns
the allocation of aux_payload_buf to prevent these issues.
(Note that to add this patch to stable would require modifications due
to recent patch "ksmbd: use __GFP_RETRY_MAYFAIL")

Signed-off-by: Norbert Szetei <norbert@doyensec.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
parent 313dab08
+1 −1
@@ -6680,7 +6680,7 @@ int smb2_read(struct ksmbd_work *work)
	ksmbd_debug(SMB, "filename %pD, offset %lld, len %zu\n",
		    fp->filp, offset, length);

	aux_payload_buf = kvzalloc(length, KSMBD_DEFAULT_GFP);
	aux_payload_buf = kvzalloc(ALIGN(length, 8), KSMBD_DEFAULT_GFP);
	if (!aux_payload_buf) {
		err = -ENOMEM;
		goto out;
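
Review bot: The literal 8 in `kvzalloc(ALIGN(length, 8), KSMBD_DEFAULT_GFP)` is unexplained, and what it does is round the allocation size up to a multiple of 8 rather than align the buffer address. A short comment above the call should say that the tail padding exists so the crypto operations named in the commit message (crypto_xor, ghash) do not read past the allocation, and that kvzalloc zeroes the padding. Because the buffer can now be up to 7 bytes larger than `length`, the code after this hunk should keep using `length`, not the rounded size, for the read and the response payload; that is not visible here and is worth confirming. It is also worth confirming that `length` is bounded before this point, since ALIGN(length, 8) wraps for a size_t value within 7 of its maximum.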