SUSE:SLE-15-SP1:Update
File 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch of Package cifs-utils
From 06d09c2143a6f9e74858bb33e036025215595e73 Mon Sep 17 00:00:00 2001 From: Jeffrey Bencteux <jbe@improsec.com> Date: Thu, 17 Mar 2022 12:58:52 -0400 Subject: [PATCH] CVE-2022-27239: mount.cifs: fix length check for ip option parsing Previous check was true whatever the length of the input string was, leading to a buffer overflow in the subsequent strcpy call. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15025 Signed-off-by: Jeffrey Bencteux <jbe@improsec.com> Reviewed-by: David Disseldorp <ddiss@suse.de> --- mount.cifs.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mount.cifs.c b/mount.cifs.c index 84274c98ddf5..3a6b449cc10c 100644 --- a/mount.cifs.c +++ b/mount.cifs.c @@ -926,9 +926,10 @@ parse_options(const char *data, struct parsed_mount_info *parsed_info) if (!value || !*value) { fprintf(stderr, "target ip address argument missing\n"); - } else if (strnlen(value, MAX_ADDRESS_LEN) <= + } else if (strnlen(value, MAX_ADDRESS_LEN) < MAX_ADDRESS_LEN) { - strcpy(parsed_info->addrlist, value); + strlcpy(parsed_info->addrlist, value, + MAX_ADDRESS_LEN); if (parsed_info->verboseflag) fprintf(stderr, "ip address %s override specified\n", -- 2.35.1
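Review bot: The strlcpy bound in the ip branch of parse_options is the constant MAX_ADDRESS_LEN rather than the size of the destination, so the copy is only safe if parsed_info->addrlist is at least MAX_ADDRESS_LEN bytes, which these lines do not show. If addrlist is an array member, passing sizeof(parsed_info->addrlist) would tie the bound to the buffer itself and keep it correct if the field is ever resized. The corrected `<` comparison already guarantees that the value and its terminator fit in MAX_ADDRESS_LEN bytes, so strlcpy cannot truncate here and acts as a second line of defence; the old `<=` could never fail because strnlen never returns more than its limit. The visible context also does not show what happens to an over-long value, and that path should print an error and reject the option rather than skip it silently.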