[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request: kernel: cifs: fix unicode string area word alignment
From:       Eugene Teo <eugene () redhat ! com>
Date:       2009-04-20 6:26:08
Message-ID: 49EC1580.9080408 () redhat ! com
[Download RAW message or body]

According to the upstream commit 27b87fe5, "the handling of unicode
string area alignment is wrong. decode_unicode_ssetup improperly assumes
that it will always be preceded by a pad byte. This isn't the case if
the string area is already word-aligned.

This problem, combined with the bad buffer sizing for the serverDomain
string can cause memory corruption. The bad alignment can make it so
that the alignment of the characters is off. This can make them
translate to characters that are greater than 2 bytes each. If this
happens we can overflow the allocation."

This is similar to the bug Marcus posted recently.

https://bugzilla.redhat.com/show_bug.cgi?id=496572
http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4
http://lists.samba.org/archive/linux-cifs-client/2009-April/004399.html

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

[prev in list] [next in list] [prev in thread] [next in thread]