Skip to content

mount.cifs: two bug fixes #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Apr 27, 2022
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
CVE-2022-27239: mount.cifs: fix length check for ip option parsing
Previous check was true whatever the length of the input string was,
leading to a buffer overflow in the subsequent strcpy call.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15025

Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
Reviewed-by: David Disseldorp <ddiss@suse.de>
  • Loading branch information
0x6a656666 authored and ddiss committed Apr 26, 2022
commit 955fb147e97a6a74e1aaa65766de91e2c1479765
5 changes: 3 additions & 2 deletions mount.cifs.c
Original file line number Diff line number Diff line change
Expand Up @@ -926,9 +926,10 @@ parse_options(const char *data, struct parsed_mount_info *parsed_info)
if (!value || !*value) {
fprintf(stderr,
"target ip address argument missing\n");
} else if (strnlen(value, MAX_ADDRESS_LEN) <=
} else if (strnlen(value, MAX_ADDRESS_LEN) <
MAX_ADDRESS_LEN) {
strcpy(parsed_info->addrlist, value);
strlcpy(parsed_info->addrlist, value,
MAX_ADDRESS_LEN);
if (parsed_info->verboseflag)
fprintf(stderr,
"ip address %s override specified\n",
Expand Down