ksmbd: fix heap-based overflow in samr_query_user_info_return()
Add +1 for NULL terminator space.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17820
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
namjaejeon committed Apr 8, 2023
1 parent 11f5413 commit 8adda3d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion mountd/rpc_samr.c
@@ -425,7 +425,7 @@ static int samr_query_user_info_return(struct ksmbd_rpc_pipe *pipe)
if (gethostname(hostname, NAME_MAX))
return KSMBD_RPC_ENOMEM;

home_dir_len = 2 + strlen(hostname) + 1 + strlen(ch->user->name);
home_dir_len = 2 + strlen(hostname) + 1 + strlen(ch->user->name) + 1;

home_dir = g_try_malloc0(home_dir_len);
if (!home_dir)
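
Review bot: The corrected `home_dir_len = ...` line is still hand-counted arithmetic (`2 + ... + 1 + ... + 1`) that must stay in step with whatever code later fills `home_dir`, which is outside this hunk, so the same off-by-one can return if the path format ever changes. A short comment saying what each constant accounts for would help (per the commit message, the trailing `+ 1` is the NUL terminator), and the write itself should take `home_dir_len` as its bound, for example `snprintf(home_dir, home_dir_len, ...)`, or the string could be built with `g_strdup_printf()` so that the allocation size and the format cannot drift apart. Separately, `gethostname(hostname, NAME_MAX)` is not guaranteed to NUL-terminate the buffer when the name is truncated, so the `strlen(hostname)` on the next line depends on `hostname` being terminated some other way; its declaration is not visible here and is worth checking. The `KSMBD_RPC_ENOMEM` return for a `gethostname()` failure also reads as a mismatch, since that path is not an allocation failure.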
