cifs: modefromsid: make room for 4 ACE

when mounting with modefromsid, we end up writing 4 ACE in a security descriptor that only has room for 3, thus triggering an out-of-bounds write. fix this by changing the min size of a security descriptor. Signed-off-by: Aurelien Aptel <aaptel@suse.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2019-09-16 04:28:36 +02:00 · 2019-09-16 04:28:36 +02:00 · 0892ba693f
parent 2255397c33
commit 0892ba693f
1 changed files with 1 additions and 1 deletions
--- a/fs/cifs/cifsacl.h
+++ b/fs/cifs/cifsacl.h
@ -45,7 +45,7 @@
 */
 #define DEFAULT_SEC_DESC_LEN (sizeof(struct cifs_ntsd) + \
 			      sizeof(struct cifs_acl) + \
-			      (sizeof(struct cifs_ace) * 3))
+			      (sizeof(struct cifs_ace) * 4))

 /*
 * Maximum size of a string representation of a SID: