From 0892ba693f304ce3e9ca1f0a64a5cfc051454996 Mon Sep 17 00:00:00 2001 From: Aurelien Aptel Date: Mon, 16 Sep 2019 04:28:36 +0200 Subject: [PATCH] cifs: modefromsid: make room for 4 ACE when mounting with modefromsid, we end up writing 4 ACE in a security descriptor that only has room for 3, thus triggering an out-of-bounds write. fix this by changing the min size of a security descriptor. Signed-off-by: Aurelien Aptel Signed-off-by: Steve French --- fs/cifs/cifsacl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h index dd95a6fa24bf..eb428349f29a 100644 --- a/fs/cifs/cifsacl.h +++ b/fs/cifs/cifsacl.h @@ -45,7 +45,7 @@ */ #define DEFAULT_SEC_DESC_LEN (sizeof(struct cifs_ntsd) + \ sizeof(struct cifs_acl) + \ - (sizeof(struct cifs_ace) * 3)) + (sizeof(struct cifs_ace) * 4)) /* * Maximum size of a string representation of a SID: