raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-07 10:29:52 +00:00
Code Issues Projects Releases Wiki Activity
Files
68912df901b9807a708cd1599b30fa56548d15e1
linux/fs/cifs
History
Jann Horn c1589311c9 CIFS: fix type confusion in copy offload ioctl 
commit 4c17a6d56b upstream.

This might lead to local privilege escalation (code execution as
kernel) for systems where the following conditions are met:

 - CONFIG_CIFS_SMB2 and CONFIG_CIFS_POSIX are enabled
 - a cifs filesystem is mounted where:
  - the mount option "vers" was used and set to a value >=2.0
  - the attacker has write access to at least one file on the filesystem

To attack this, an attacker would have to guess the target_tcon
pointer (but guessing wrong doesn't cause a crash, it just returns an
error code) and win a narrow race.

Signed-off-by: Jann Horn <jann@thejh.net>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-09-29 19:26:06 +02:00
..
asn1.c
[CIFS] cifs: Rename cERROR and cFYI to cifs_dbg
2013-05-04 22:17:23 -05:00
cache.c
[CIFS] cifs: Rename cERROR and cFYI to cifs_dbg
2013-05-04 22:17:23 -05:00
cifs_debug.c
cifs: fix MUST SecurityFlags filtering
2015-01-26 19:38:26 -06:00
cifs_debug.h
cifs: convert printk(LEVEL...) to pr_<level>
2014-12-07 22:48:07 -06:00
cifs_dfs_ref.c
Fix that several functions handle incorrect value of mapchars
2015-05-10 19:56:35 -05:00
cifs_fs_sb.h
Allow conversion of characters in Mac remap range. Part 1
2014-10-16 15:20:20 -05:00
cifs_spnego.c
KEYS: Remove key_type::match in favour of overriding default by match_preparse
2014-09-16 17:36:06 +01:00
cifs_spnego.h
[CIFS] Rename three structures to avoid camel case
2011-05-27 04:34:02 +00:00
cifs_unicode.c
Fix to convert SURROGATE PAIR
2015-05-20 13:12:51 -05:00
cifs_unicode.h
Remap reserved posix characters by default (part 3/3)
2014-10-16 15:20:20 -05:00
cifs_uniupr.h
cifs: correction of unicode header files
2010-08-20 00:46:42 +00:00
cifsacl.c
fs/cifs: remove obsolete __constant
2014-12-10 17:41:02 -08:00
cifsacl.h
cifs: fix SID binary to string conversion
2012-12-11 11:48:49 -06:00
cifsencrypt.c
CIFS: session servername can't be null
2015-04-01 00:01:47 -05:00
cifsfs.c
fs: create and use seq_show_option for escaping
2015-09-21 10:05:45 -07:00
cifsfs.h
Update modinfo cifs version for cifs.ko
2014-12-07 22:17:19 -06:00
cifsglob.h
Convert MessageID in smb2_hdr to LE
2014-12-14 14:55:45 -06:00
cifspdu.h
Add missing definitions for CIFS File System Attributes
2014-08-12 23:47:14 -05:00
cifsproto.h
Fix that several functions handle incorrect value of mapchars
2015-05-10 19:56:35 -05:00
cifssmb.c
CIFS: remove an unneeded NULL check
2015-05-20 11:36:16 -05:00
connect.c
CIFS: Fix race condition on RFC1002_NEGATIVE_SESSION_RESPONSE
2015-05-20 13:25:55 -05:00
dir.c
Fix that several functions handle incorrect value of mapchars
2015-05-10 19:56:35 -05:00
dns_resolve.c
cifs: fix composing of mount options for DFS referrals
2013-05-24 13:08:31 -05:00
dns_resolve.h
DNS: Separate out CIFS DNS Resolver code
2010-08-05 17:17:51 +00:00
export.c
[CIFS] cifs: Rename cERROR and cFYI to cifs_dbg
2013-05-04 22:17:23 -05:00
file.c
cifs: potential missing check for posix_lock_file_wait
2015-05-20 13:08:33 -05:00
fscache.c
Merge tag 'nfs-for-3.13-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
2013-11-08 05:57:46 +09:00
fscache.h
CIFS: FS-Cache: Uncache unread pages in cifs_readpages() before freeing them
2013-09-18 10:17:03 -05:00
inode.c
Fix to check Unique id and FileType when client refer file directly.
2015-05-20 13:05:25 -05:00
ioctl.c
CIFS: fix type confusion in copy offload ioctl
2015-09-29 19:26:06 +02:00
Kconfig
Clarify Kconfig help text for CIFS and SMB2/SMB3
2014-08-25 17:01:05 -05:00
link.c
Fix that several functions handle incorrect value of mapchars
2015-05-10 19:56:35 -05:00
Makefile
cifs: add new case-insensitive conversion routines that are based on wchar_t's
2013-09-08 14:38:05 -05:00
misc.c
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
netmisc.c
Fix signed/unsigned pointer warning
2014-12-14 14:55:57 -06:00
nterr.c
CIFS: Rename 7 error codes to NT_ style
2012-07-24 10:25:10 -05:00
nterr.h
CIFS: Rename 7 error codes to NT_ style
2012-07-24 10:25:10 -05:00
ntlmssp.h
CIFS: Add session setup/logoff capability for SMB2
2012-07-24 21:54:57 +04:00
readdir.c
cifs: Don't replace dentries for dfs mounts
2015-05-10 19:56:05 -05:00
rfc1002pdu.h
sess.c
Merge branch 'akpm' (patchbomb from Andrew)
2014-12-10 18:34:42 -08:00
smb1ops.c
Fix that several functions handle incorrect value of mapchars
2015-05-10 19:56:35 -05:00
smb2file.c
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
smb2glob.h
CIFS: Fix too big maxBuf size for SMB3 mounts
2014-02-14 16:50:47 -06:00
smb2inode.c
CIFS: Fix wrong filename length for SMB2
2014-08-25 16:45:17 -05:00
smb2maperror.c
Fix problem recognizing symlinks
2014-10-02 14:10:04 -05:00
smb2misc.c
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
smb2ops.c
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
smb2pdu.c
[cifs] fix null pointer check
2015-05-20 09:32:21 -05:00
smb2pdu.h
Convert MessageID in smb2_hdr to LE
2014-12-14 14:55:45 -06:00
smb2proto.h
mfsymlinks support for SMB2.1/SMB3. Part 2 query symlink
2014-10-16 15:20:20 -05:00
smb2status.h
CIFS: Add SMB2 status codes
2012-07-24 10:25:13 -05:00
smb2transport.c
Convert MessageID in smb2_hdr to LE
2014-12-14 14:55:45 -06:00
smbencrypt.c
cifs: use memzero_explicit to clear stack buffer
2015-01-19 15:32:13 -06:00
smberr.h
cifs: map NT_STATUS_ERROR_WRITE_PROTECTED to -EROFS
2010-08-02 12:40:40 +00:00
smbfsctl.h
enable fallocate punch hole ("fallocate -p") for SMB3
2014-08-17 18:12:38 -05:00
transport.c
cifs: convert printk(LEVEL...) to pr_<level>
2014-12-07 22:48:07 -06:00
winucase.c
[CIFS] quiet sparse compile warning
2013-09-08 14:54:24 -05:00
xattr.c
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00