]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
projects / mirror_ubuntu-artful-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 046a62e) | patch
staging: ncpfs: memory corruption in ncp_read_kernel()
authorDan Carpenter <dan.carpenter@oracle.com>
Mon, 23 Apr 2018 08:45:00 +0000 (10:45 +0200)
committerKleber Sacilotto de Souza <kleber.souza@canonical.com>
Mon, 7 May 2018 11:15:57 +0000 (13:15 +0200)
commit33b0aa17ca785d849db28c020d7118e69789e8c7
tree8e35fa7ff9ec7e1fb0fe58811be4fd410661c6fftree
parent046a62e03315edbf86963fc91428228679724fc7commit | diff
staging: ncpfs: memory corruption in ncp_read_kernel()

CVE-2018-8822

If the server is malicious then *bytes_read could be larger than the
size of the "target" buffer.  It would lead to memory corruption when we
do the memcpy().

Reported-by: Dr Silvio Cesare of InfoSect <Silvio Cesare <silvio.cesare@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(backported from commit 4c41aa24baa4ed338241d05494f2c595c885af8f)
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Colin King <colin.king@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
fs/ncpfs/ncplib_kernel.c diff | blob | blame | history
Ubuntu Artful kernel mirror