NACK/Cmnt: [SRU][Jammy][PATCH 0/1] CVE-2023-38431

[Stefan Bader]

On 25.01.24 22:44, Bethany Jamison wrote:
> [Impact]
> 
> An issue was discovered in the Linux kernel before 6.3.8.
> fs/smb/server/connection.c in ksmbd does not validate the relationship
> between the NetBIOS header's length field and the SMB header sizes, via
> pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.
> 
> [Fix]
> 
> The fix commit implemented function smb2_get_msg which wasn't defined
> in Jammy - the function was very simple so I added it without issue.
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Regression Potential]
> 
> Issues could occur with packets between NetBIOS and SMB.
> 
> Namjae Jeon (1):
>    ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
> 
>   fs/ksmbd/connection.c | 12 ++++++++++++
>   fs/ksmbd/smb2pdu.h    |  9 +++++++++
>   2 files changed, 21 insertions(+)
> 

Rejected for the following reasons:
- there are doubts about correctness of this patch
- no feedback was given to address those concerns

Please re-submit when needed (but make then sure to address the concerns 
in some comment).

-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240301/2d4a46c7/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240301/2d4a46c7/attachment-0001.sig>