All of lore.kernel.org
 help / color / mirror / Atom feed
From: Namjae Jeon <linkinjeon@kernel.org>
To: linux-cifs@vger.kernel.org
Cc: "Namjae Jeon" <linkinjeon@kernel.org>,
	"Tom Talpey" <tom@talpey.com>,
	"Ronnie Sahlberg" <ronniesahlberg@gmail.com>,
	"Ralph Böhme" <slow@samba.org>,
	"Steve French" <smfrench@gmail.com>
Subject: [PATCH] ksmbd: add the check to vaildate if stream protocol length exceeds maximum value
Date: Thu, 23 Sep 2021 12:48:53 +0900	[thread overview]
Message-ID: <20210923034855.612832-1-linkinjeon@kernel.org> (raw)

This patch add MAX_STREAM_PROT_LEN macro and check if stream protocol
length exceeds maximum value in ksmbd_pdu_size_has_room().

Cc: Tom Talpey <tom@talpey.com>
Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Cc: Ralph Böhme <slow@samba.org>
Cc: Steve French <smfrench@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
---
 fs/ksmbd/smb_common.c | 3 ++-
 fs/ksmbd/smb_common.h | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c
index 5901b2884c60..ebc835ab414c 100644
--- a/fs/ksmbd/smb_common.c
+++ b/fs/ksmbd/smb_common.c
@@ -274,7 +274,8 @@ int ksmbd_init_smb_server(struct ksmbd_work *work)
 
 bool ksmbd_pdu_size_has_room(unsigned int pdu)
 {
-	return (pdu >= KSMBD_MIN_SUPPORTED_HEADER_SIZE - 4);
+	return (pdu >= KSMBD_MIN_SUPPORTED_HEADER_SIZE - 4 &&
+		pdu <= MAX_STREAM_PROT_LEN);
 }
 
 int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level,
diff --git a/fs/ksmbd/smb_common.h b/fs/ksmbd/smb_common.h
index 994abede27e9..10b8d7224dfa 100644
--- a/fs/ksmbd/smb_common.h
+++ b/fs/ksmbd/smb_common.h
@@ -48,6 +48,8 @@
 #define CIFS_DEFAULT_IOSIZE	(64 * 1024)
 #define MAX_CIFS_SMALL_BUFFER_SIZE 448 /* big enough for most */
 
+#define MAX_STREAM_PROT_LEN	0x00FFFFFF
+
 /* Responses when opening a file. */
 #define F_SUPERSEDED	0
 #define F_OPENED	1
-- 
2.25.1


             reply	other threads:[~2021-09-23  3:49 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-23  3:48 Namjae Jeon [this message]
2021-09-23  3:48 ` [PATCH v4] ksmbd: fix invalid request buffer access in compound Namjae Jeon
2021-09-23 15:13   ` Tom Talpey
2021-09-23 19:30     ` Namjae Jeon
2021-09-23  3:48 ` [PATCH v3] ksmbd: add validation in smb2 negotiate Namjae Jeon
2021-09-23 15:54   ` Tom Talpey
2021-09-23 20:14     ` Namjae Jeon
2021-09-23 15:05 ` [PATCH] ksmbd: add the check to vaildate if stream protocol length exceeds maximum value Tom Talpey
2021-09-23 19:24   ` Namjae Jeon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210923034855.612832-1-linkinjeon@kernel.org \
    --to=linkinjeon@kernel.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=ronniesahlberg@gmail.com \
    --cc=slow@samba.org \
    --cc=smfrench@gmail.com \
    --cc=tom@talpey.com \
    --subject='Re: [PATCH] ksmbd: add the check to vaildate if stream protocol length exceeds maximum value' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.