oss-sec mailing list archives
CVE request: kernel: cifs: fix unicode string area word alignment in session setup
From: Eugene Teo <eugene () redhat com>
Date: Mon, 20 Apr 2009 14:26:08 +0800
According to the upstream commit 27b87fe5, "the handling of unicode string area alignment is wrong. decode_unicode_ssetup improperly assumes that it will always be preceded by a pad byte. This isn't the case if the string area is already word-aligned. This problem, combined with the bad buffer sizing for the serverDomain string can cause memory corruption. The bad alignment can make it so that the alignment of the characters is off. This can make them translate to characters that are greater than 2 bytes each. If this happens we can overflow the allocation." This is similar to the bug Marcus posted recently. https://bugzilla.redhat.com/show_bug.cgi?id=496572 http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4 http://lists.samba.org/archive/linux-cifs-client/2009-April/004399.html Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Current thread:
- CVE request: kernel: cifs: fix unicode string area word alignment in session setup Eugene Teo (Apr 19)