From nobody Sat Apr 09 00:56:05 2022 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B09961A82582 for ; Sat, 9 Apr 2022 00:56:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KZxWV1vCwz4cjd for ; Sat, 9 Apr 2022 00:56:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 20FD97E48 for ; Sat, 9 Apr 2022 00:56:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 2390u6iq000354 for ; Sat, 9 Apr 2022 00:56:06 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 2390u6FQ000353 for bugs@FreeBSD.org; Sat, 9 Apr 2022 00:56:06 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 263043] malformed SMB reply can page-fault the kernel in smb_t2_placedata() Date: Sat, 09 Apr 2022 00:56:05 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: Unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1649465766; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FkuTbfQHAzbk4bLgtjwvjY6KrC6AU+yTPQ7uqdbxvLA=; b=J3yqYTuNeEfBogFQyMEMmP/C2oyZn/BI2wZtAKDz+t5VnT4DNXDDIehheGz5x3Ib35GQbh Xtm17H257p9oUdCE4BW47gCmSngyvvtv85YLtIXapJ4IXmM/D7CrXbMBDlJNsy/RW2pU8E 3GLmjP7CdCe3CYfbP8z2japIDN+JOkcD3ud8EXMswAHwfjo1ZVVGYQkiPlQwsGPe1A9c72 L2Vr6E2yAGr2j6FmFT2bQsYR9uaZo/l7+Mem4TamxooQkEsqy45CFBvYB1/Fao8+DiapbB 0Vau2DeoFumHRzBkc0FAI6S08dHRHXR648Tc23keKxyeA3ncNRAL4bkTwBKYBQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1649465766; a=rsa-sha256; cv=none; b=qrRCsTYI50LgC7tdNX7AYTrcO62VYANmjxKsqDkJ0n3PETK+FcC5qSHU2TLZE7/Mj+/SWC QjdHSuFL18ZScJR75wFC8vfvfu4sh5wh6Arnr9joPkEEGkrADJ18WnNqwF0CZHOrGpdpGe osJOXRpEfZpa6ZY9aEnWc+ISDa9fDI18bezMbzTHDoLO95zT1ANqtxVdMMNjJJ1HKsE09v qrjaqJHhZmhsoyEAJDIwhIX78i2KDN7FEsF2IWQsf5Ng7uVihvfuVjHnP3IW06u4z356LJ hEtcy6TnRVPJ/KDcSKAufmYid2gQ+bicbDno6HIr0q5bOGFvuXt1LbKNGdBgZw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D263043 --- Comment #2 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D802da293bd5be064c2ecda76e5aa33e1a= 237bc1b commit 802da293bd5be064c2ecda76e5aa33e1a237bc1b Author: Ed Maste AuthorDate: 2022-04-06 18:25:37 +0000 Commit: Ed Maste CommitDate: 2022-04-09 00:55:30 +0000 smbfs: caution against use in the manpage It supports only the obsolete SMBv1 protocol, is known to be buggy, and likely has security vulnerabilities. It will either be updated or removed in the future, but for now at least describe the current state in the man page. PR: 263043 MFC after: 3 days Sponsored by: The FreeBSD Foundation (cherry picked from commit 7c140ef034c33ab0b16b535f3d5f945dc8f71cb4) share/man/man5/smbfs.5 | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) --=20 You are receiving this mail because: You are the assignee for the bug.=