From: Steve French <smfrench@gmail.com>
To: Namjae Jeon <linkinjeon@kernel.org>
Cc: CIFS <linux-cifs@vger.kernel.org>,
	"Ronnie Sahlberg" <ronniesahlberg@gmail.com>,
	"Ralph Böhme" <slow@samba.org>
Subject: Re: [PATCH 3/4] ksmbd: add validatioin for FILE_FULL_EA_INFORMATION of smb2_get_info
Date: Sat, 18 Sep 2021 10:55:43 -0500
Message-ID: <CAH2r5mumOAqEgkitSK4yrxithPUUF1d9GihTLQAOdrX8-kK2Eg@mail.gmail.com>
In-Reply-To: <20210918094513.89480-3-linkinjeon@kernel.org>

Merged into cifsd-for-next (smbd-for-next) after fixing typo in title.
The other three look promising but want to look in more detail at
those unless others have review feedback on those - those patches
include some potentially very important checks.

On Sat, Sep 18, 2021 at 4:45 AM Namjae Jeon <linkinjeon@kernel.org> wrote:
>
> Add validation to check whether req->InputBufferLength is smaller than
> smb2_ea_info_req structure size.
>
> Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com>
> Cc: Ralph Böhme <slow@samba.org>
> Cc: Steve French <smfrench@gmail.com>
> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
> ---
>  fs/ksmbd/smb2pdu.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
> index e589e8cc389f..e92af212583e 100644
> --- a/fs/ksmbd/smb2pdu.c
> +++ b/fs/ksmbd/smb2pdu.c
> @@ -4059,6 +4059,10 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp,
>         path = &fp->filp->f_path;
>         /* single EA entry is requested with given user.* name */
>         if (req->InputBufferLength) {
> +               if (le32_to_cpu(req->InputBufferLength) <
> +                   sizeof(struct smb2_ea_info_req))
> +                       return -EINVAL;
> +
>                 ea_req = (struct smb2_ea_info_req *)req->Buffer;
>         } else {
>                 /* need to send all EAs, if no specific EA is requested*/
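
Review bot: the comparison added at the top of the `if (req->InputBufferLength)` branch bounds only the client-supplied length field against `sizeof(struct smb2_ea_info_req)`; nothing in this hunk ties that field to the number of bytes actually received. Unless that is validated earlier in the request path, `ea_req = (struct smb2_ea_info_req *)req->Buffer` can still be dereferenced beyond the end of a short request that declares a large InputBufferLength. Consider checking the declared length, and where the input buffer starts, against the real request length before the cast. The sizeof check also covers only the fixed part of the structure: since the comment says the entry carries a user.* name, any name length read from ea_req afterwards should be validated against InputBufferLength as well. A short comment stating which client-controlled fields are trusted after this point would help future readers.
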
> --
> 2.25.1
>


-- 
Thanks,

Steve

Thread overview: 11+ messages
2021-09-18  9:45 [PATCH 1/4] ksmbd: add request buffer validation in smb2_set_info Namjae Jeon
2021-09-18  9:45 ` [PATCH 2/4] ksmbd: add validation in smb2_ioctl Namjae Jeon
2021-09-18 18:51   ` kernel test robot
2021-09-18 18:51     ` kernel test robot
2021-09-18 21:43     ` Namjae Jeon
2021-09-18 21:43       ` Namjae Jeon
2021-09-18  9:45 ` [PATCH 3/4] ksmbd: add validatioin for FILE_FULL_EA_INFORMATION of smb2_get_info Namjae Jeon
2021-09-18 15:55   ` Steve French [this message]
2021-09-18 17:57     ` Steve French
2021-09-18 18:10     ` Ralph Boehme
2021-09-18  9:45 ` [PATCH 4/4] ksmbd: add buffer validation for SMB2_CREATE_CONTEXT Namjae Jeon
