Commit 860ca5e5 authored Feb 17, 2025 by Haoxiang Li Committed by Steve French Feb 20, 2025

smb: client: Add check for next_buffer in receive_encrypted_standard()



Add check for the return value of cifs_buf_get() and cifs_small_buf_get()
in receive_encrypted_standard() to prevent null pointer dereference.

Fixes: eec04ea1 ("smb: client: fix OOB in receive_encrypted_standard()")
Cc: stable@vger.kernel.org
Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

parent e9a8cac0

fs/smb/client/smb2ops.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -4965,6 +4965,10 @@ receive_encrypted_standard(struct TCP_Server_Info *server,
		next_buffer = (char *)cifs_buf_get();
		else
		next_buffer = (char *)cifs_small_buf_get();
		if (!next_buffer) {
		cifs_server_dbg(VFS, "No memory for (large) SMB response\n");
		return -1;
		}
		memcpy(next_buffer, buf + next_cmd, pdu_length - next_cmd);
		}