oss-sec mailing list archives
Re: CVE request? buffer overflow in CIFS in 2.6.*
From: Marcus Meissner <meissner () suse de>
Date: Tue, 7 Apr 2009 10:52:15 +0200
On Tue, Apr 07, 2009 at 01:41:44PM +0800, Eugene Teo wrote:
> Hi Marcus,
>
> Marcus Meissner wrote:
>> Fixes a kmalloc area overflow in CIFS, number of overwritten bytes is
>> depending on the codepage converted to.
>>
>> The data seems to come from a remote generated reply blob even, correct
>> me if I am wrong. :/
>
> Looks like it's part of the session setup. The NativeFileSystem field is
> part of the Tree Connect response (TCon for short).
>
>> And I wonder if "len*2" is sufficient, can't a UCS -> UTF8 conversion
>> generate more than 2 byte utf-8 characters for 1 ucs character?
>
> I understand that someone from your side is working on a better patch for
> this. Do keep us updated when it goes upstream.

tracked in the public bugzilla entry:
https://bugzilla.novell.com/show_bug.cgi?id=492282

and:
http://lists.samba.org/archive/linux-cifs-client/2009-April/004322.html ff.

for the cifs discussion.

Ciao, Marcus
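The expansion asked about in the message above, as an added example (not code from the thread or from the CIFS patch under discussion): a UCS-2 code unit at or above U+0800 needs 3 bytes of UTF-8, so a destination sized at 2 bytes per unit can be too small. The function names and the constructed sample are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>   /* also provides size_t */

/* UTF-8 bytes for one UCS-2 unit; surrogates are not paired (assumption). */
static size_t utf8_len_ucs2(uint16_t c)
{
    return c < 0x80 ? 1 : c < 0x800 ? 2 : 3;
}

/* Exact UTF-8 size of n UCS-2 units, excluding the NUL terminator. */
size_t ucs2_utf8_size(const uint16_t *src, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += utf8_len_ucs2(src[i]);
    return total;
}

/* Bounded conversion; returns bytes written (no NUL) or -1 if dst is too small. */
long ucs2_to_utf8(char *dst, size_t dstsz, const uint16_t *src, size_t n)
{
    size_t o = 0;
    if (dstsz == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        uint16_t c = src[i];
        if (utf8_len_ucs2(c) > dstsz - 1 - o)   /* keep room for the NUL */
            return -1;
        if (c < 0x80) {
            dst[o++] = (char)c;
        } else if (c < 0x800) {
            dst[o++] = (char)(0xC0 | (c >> 6));
            dst[o++] = (char)(0x80 | (c & 0x3F));
        } else {
            dst[o++] = (char)(0xE0 | (c >> 12));
            dst[o++] = (char)(0x80 | ((c >> 6) & 0x3F));
            dst[o++] = (char)(0x80 | (c & 0x3F));
        }
    }
    dst[o] = '\0';
    return (long)o;
}

int main(void)
{
    const uint16_t s[4] = { 0x20AC, 0x20AC, 0x20AC, 0x20AC }; /* constructed sample */
    char two[4 * 2], three[4 * 3 + 1];   /* 2 bytes per unit vs 3 per unit + NUL */
    printf("need=%zu two=%ld three=%ld\n", ucs2_utf8_size(s, 4),
           ucs2_to_utf8(two, sizeof two, s, 4), ucs2_to_utf8(three, sizeof three, s, 4));
    return 0;
}
```

Sizing the destination with a first pass through `ucs2_utf8_size` (plus one byte for the terminator) avoids relying on any fixed per-character multiplier.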