Commit 3ac65de1 authored Mar 29, 2025 by Norbert Szetei Committed by Greg Kroah-Hartman Apr 10, 2025

ksmbd: validate zero num_subauth before sub_auth is accessed



commit bf21e29d upstream.

Access psid->sub_auth[psid->num_subauth - 1] without checking
if num_subauth is non-zero leads to an out-of-bounds read.
This patch adds a validation step to ensure num_subauth != 0
before sub_auth is accessed.

Cc: stable@vger.kernel.org
Signed-off-by: Norbert Szetei <norbert@doyensec.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 596407ad

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit a4fc1bef
· Nov 05, 2025

mentioned in commit a4fc1bef

mentioned in commit a4fc1bef05011a82d092806b03e9c113b2c55eaa

Toggle commit list

Please to comment