[PATCH v2 BACKPORT for 5.15 stable] ksmbd: Fix an error handling path in 'smb2_sess_setup()'

[PATCH v2 BACKPORT for 5.15 stable] ksmbd: Fix an error handling path in 'smb2_sess_setup()'

[Namjae Jeon]

From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

All the error handling paths of 'smb2_sess_setup()' end to 'out_err'.

All but the new error handling path added by the commit given in the Fixes
tag below.

Fix this error handling path and branch to 'out_err' as well.

Fixes: 0d994cd482ee ("ksmbd: add buffer validation in session setup")
Cc: stable@vger.kernel.org # v5.15
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
 v2:
   - add missing Steve's signoff tag.

 fs/ksmbd/smb2pdu.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 589694af4e95..9ae1d19ebc38 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -1700,8 +1700,10 @@ int smb2_sess_setup(struct ksmbd_work *work)
 	negblob_off = le16_to_cpu(req->SecurityBufferOffset);
 	negblob_len = le16_to_cpu(req->SecurityBufferLength);
 	if (negblob_off < (offsetof(struct smb2_sess_setup_req, Buffer) - 4) ||
-	    negblob_len < offsetof(struct negotiate_message, NegotiateFlags))
-		return -EINVAL;
+	    negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) {
+		rc = -EINVAL;
+		goto out_err;
+	}
 
 	negblob = (struct negotiate_message *)((char *)&req->hdr.ProtocolId +
 			negblob_off);
-- 
2.25.1

Re: [PATCH v2 BACKPORT for 5.15 stable] ksmbd: Fix an error handling path in 'smb2_sess_setup()'

[Greg KH]

On Sun, Nov 28, 2021 at 10:04:03PM +0900, Namjae Jeon wrote:
> From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> 
> All the error handling paths of 'smb2_sess_setup()' end to 'out_err'.
> 
> All but the new error handling path added by the commit given in the Fixes
> tag below.
> 
> Fix this error handling path and branch to 'out_err' as well.
> 
> Fixes: 0d994cd482ee ("ksmbd: add buffer validation in session setup")
> Cc: stable@vger.kernel.org # v5.15
> Acked-by: Namjae Jeon <linkinjeon@kernel.org>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> Signed-off-by: Steve French <stfrench@microsoft.com>
> ---
>  v2:
>    - add missing Steve's signoff tag.

What is the git id of this in Linus's tree?

And why no signed-off-by: from you?  Please add that when doing
backports and you have to change things.

thanks,

greg k-h

Re: [PATCH v2 BACKPORT for 5.15 stable] ksmbd: Fix an error handling path in 'smb2_sess_setup()'

[Namjae Jeon]

2021-11-29 21:12 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
> On Sun, Nov 28, 2021 at 10:04:03PM +0900, Namjae Jeon wrote:
>> From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
>>
>> All the error handling paths of 'smb2_sess_setup()' end to 'out_err'.
>>
>> All but the new error handling path added by the commit given in the
>> Fixes
>> tag below.
>>
>> Fix this error handling path and branch to 'out_err' as well.
>>
>> Fixes: 0d994cd482ee ("ksmbd: add buffer validation in session setup")
>> Cc: stable@vger.kernel.org # v5.15
>> Acked-by: Namjae Jeon <linkinjeon@kernel.org>
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
>> Signed-off-by: Steve French <stfrench@microsoft.com>
>> ---
>>  v2:
>>    - add missing Steve's signoff tag.
Hi Greg,
>
> What is the git id of this in Linus's tree?
Sorry for that, My mistake, This patch in Linus's tree doesn't apply
to linux-5.15.
I found out later that I hadn't copied while re-creating it.
>
> And why no signed-off-by: from you?  Please add that when doing
> backports and you have to change things.
Ah, I didn't know my signoff-by should add it. and I will do that next time :)

Thanks for your mail!
>
> thanks,
>
> greg k-h
>