[Bug 258504] smbfs doesn't validate msg fields -> potential kernel page fault

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 258504] smbfs doesn't validate msg fields -> potential kernel page fault"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 28 Jul 2023 22:28:15 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258504

John Baldwin <jhb@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |jhb@FreeBSD.org
                 CC|                            |jhb@FreeBSD.org

--- Comment #1 from John Baldwin <jhb@FreeBSD.org> ---
I think there is also a bug in that smb_t2_placedata assumes that the last mbuf
in the chain is large enough to contain all of the bits to be discarded.  I've
replaced that with a call to m_adj() with a negative length which trims from
the end while handling this case.

I have not yet tested a potential fix as setting up samba is a bit more work
than some of the other bugs.  If it is not easy to test potential fix locally I
can work on recreating the testing setup to test.

https://reviews.freebsd.org/D41229

-- 
You are receiving this mail because:
You are the assignee for the bug.