subject:"\[PATCH\] ncpfs\: memory corruption in ncp_read_kernel\(\)"

Re: [PATCH] ncpfs: memory corruption in ncp_read_kernel()

2018-03-19 Thread Greg Kroah-Hartman

On Mon, Mar 19, 2018 at 02:07:45PM +0300, Dan Carpenter wrote: > If the server is malicious then *bytes_read could be larger than the > size of the "target" buffer. It would lead to memory corruption when we > do the memcpy(). > > Reported-by: Dr Silvio Cesare of InfoSect

[PATCH] ncpfs: memory corruption in ncp_read_kernel()

2018-03-19 Thread Dan Carpenter

If the server is malicious then *bytes_read could be larger than the size of the "target" buffer. It would lead to memory corruption when we do the memcpy(). Reported-by: Dr Silvio Cesare of InfoSect Signed-off-by: Dan Carpenter diff --git