From: Namjae Jeon <linkinjeon@kernel.org>
To: linux-cifs@vger.kernel.org
Cc: "Namjae Jeon" <linkinjeon@kernel.org>,
	"Tom Talpey" <tom@talpey.com>,
	"Ronnie Sahlberg" <ronniesahlberg@gmail.com>,
	"Ralph Böhme" <slow@samba.org>,
	"Steve French" <smfrench@gmail.com>
Subject: [PATCH] ksmbd: add the check to validate if stream protocol length exceeds maximum value
Date: Thu, 23 Sep 2021 12:48:53 +0900
Message-ID: <20210923034855.612832-1-linkinjeon@kernel.org>

This patch adds the MAX_STREAM_PROT_LEN macro and checks whether the stream
protocol length exceeds the maximum value in ksmbd_pdu_size_has_room().

Cc: Tom Talpey <tom@talpey.com>
Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Cc: Ralph Böhme <slow@samba.org>
Cc: Steve French <smfrench@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
---
 fs/ksmbd/smb_common.c | 3 ++-
 fs/ksmbd/smb_common.h | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c
index 5901b2884c60..ebc835ab414c 100644
--- a/fs/ksmbd/smb_common.c
+++ b/fs/ksmbd/smb_common.c
@@ -274,7 +274,8 @@ int ksmbd_init_smb_server(struct ksmbd_work *work)
 
 bool ksmbd_pdu_size_has_room(unsigned int pdu)
 {
-	return (pdu >= KSMBD_MIN_SUPPORTED_HEADER_SIZE - 4);
+	return (pdu >= KSMBD_MIN_SUPPORTED_HEADER_SIZE - 4 &&
+		pdu <= MAX_STREAM_PROT_LEN);
 }
 
 int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level,
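Review bot: the upper bound added to the return expression in ksmbd_pdu_size_has_room() should be checked against how the caller obtains pdu, which this hunk does not show. MAX_STREAM_PROT_LEN is 0x00FFFFFF, the largest value a 24-bit length can take, so if pdu has already been read through a 24-bit mask the comparison `pdu <= MAX_STREAM_PROT_LEN` can never be false and the check rejects nothing. If the intent is to limit how much a peer can make the server read or allocate for a single request, compare against the negotiated or configured maximum request size rather than the width of the length field. The function name also describes only the floor now that a ceiling is enforced too; a short comment above the function stating both bounds would help.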
diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h
index 994abede27e9..10b8d7224dfa 100644
--- a/fs/ksmbd/smb_common.h
+++ b/fs/ksmbd/smb_common.h
@@ -48,6 +48,8 @@
 #define CIFS_DEFAULT_IOSIZE	(64 * 1024)
 #define MAX_CIFS_SMALL_BUFFER_SIZE 448 /* big enough for most */
 
+#define MAX_STREAM_PROT_LEN	0x00FFFFFF
+
 /* Responses when opening a file. */
 #define F_SUPERSEDED	0
 #define F_OPENED	1
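Review bot: the MAX_STREAM_PROT_LEN define has no comment saying where 0x00FFFFFF comes from, unlike MAX_CIFS_SMALL_BUFFER_SIZE directly above it. Add one stating that it is the maximum value of the 24-bit stream protocol length, for example `#define MAX_STREAM_PROT_LEN 0x00FFFFFF /* 24-bit length field */`, so a reader of ksmbd_pdu_size_has_room() does not mistake it for a tunable buffer limit.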
-- 
2.25.1

