Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

mount.cifs: two bug fixes #7

Merged
merged 2 commits into from
Apr 27, 2022
Merged

mount.cifs: two bug fixes #7

merged 2 commits into from
Apr 27, 2022

Conversation

ddiss
Copy link

@ddiss ddiss commented Apr 26, 2022
edited
Loading

Both reported and fixed by Jeffrey Bencteux

@0x6a656666 @ddiss
CVE-2022-27239: mount.cifs: fix length check for ip option parsing
955fb14 
Previous check was true whatever the length of the input string was,
leading to a buffer overflow in the subsequent strcpy call.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15025

Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
Reviewed-by: David Disseldorp <ddiss@suse.de>
@0x6a656666 @ddiss
mount.cifs: fix verbose messages on option parsing
3d67d09 
When verbose logging is enabled, invalid credentials file lines may be
dumped to stderr. This may lead to information disclosure in particular
conditions when the credentials file given is sensitive and contains '='
signs.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15026

Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
Reviewed-by: David Disseldorp <ddiss@suse.de>
@piastry piastry merged commit 8acc963 into piastry:master Apr 27, 2022
@piastry
Copy link
Owner

piastry commented Apr 27, 2022

Merged. Thanks!

mweinelt added a commit to mweinelt/nixpkgs that referenced this pull request Apr 28, 2022
@mweinelt
cifs-utils: patch buffer-overflow in ip param handling
cb3fa08 
https://www.openwall.com/lists/oss-security/2022/04/27/5
https://bugzilla.suse.com/show_bug.cgi?id=1197216
piastry/cifs-utils#7

Fixes: CVE-2022-27239
@mweinelt mweinelt mentioned this pull request Apr 28, 2022
Merged
13 tasks
github-actions bot pushed a commit to NixOS/nixpkgs that referenced this pull request Apr 29, 2022
@mweinelt @github-actions
cifs-utils: patch buffer-overflow in ip param handling
637c6a4 
https://www.openwall.com/lists/oss-security/2022/04/27/5
https://bugzilla.suse.com/show_bug.cgi?id=1197216
piastry/cifs-utils#7

Fixes: CVE-2022-27239
(cherry picked from commit cb3fa08)
jsoo1 pushed a commit to awakesecurity/nixpkgs that referenced this pull request Jul 13, 2023
@mweinelt @jsoo1
cifs-utils: patch buffer-overflow in ip param handling
7b4f7a8 
https://www.openwall.com/lists/oss-security/2022/04/27/5
https://bugzilla.suse.com/show_bug.cgi?id=1197216
piastry/cifs-utils#7

Fixes: CVE-2022-27239
(cherry picked from commit cb3fa08)
jsoo1 pushed a commit to awakesecurity/nixpkgs that referenced this pull request Jul 21, 2023
@mweinelt @jsoo1
cifs-utils: patch buffer-overflow in ip param handling
52ac23b 
https://www.openwall.com/lists/oss-security/2022/04/27/5
https://bugzilla.suse.com/show_bug.cgi?id=1197216
piastry/cifs-utils#7

Fixes: CVE-2022-27239
(cherry picked from commit cb3fa08)
awake-bot pushed a commit to awakesecurity/nixpkgs that referenced this pull request Aug 4, 2023
@mweinelt @jsoo1
cifs-utils: patch buffer-overflow in ip param handling
a73f777 
https://www.openwall.com/lists/oss-security/2022/04/27/5
https://bugzilla.suse.com/show_bug.cgi?id=1197216
piastry/cifs-utils#7

Fixes: CVE-2022-27239
(cherry picked from commit cb3fa08)
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ddiss @piastry @0x6a656666