* [PATCH v2 BACKPORT for 5.15 stable] ksmbd: Fix an error handling path in 'smb2_sess_setup()'
@ 2021-11-28 13:04 Namjae Jeon
2021-11-29 12:12 ` Greg KH
0 siblings, 1 reply; 3+ messages in thread
From: Namjae Jeon @ 2021-11-28 13:04 UTC (permalink / raw)
To: stable; +Cc: gregkh, christophe.jaillet, linkinjeon, stfrench
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
All the error handling paths of 'smb2_sess_setup()' end to 'out_err'.
All but the new error handling path added by the commit given in the Fixes
tag below.
Fix this error handling path and branch to 'out_err' as well.
Fixes: 0d994cd482ee ("ksmbd: add buffer validation in session setup")
Cc: stable@vger.kernel.org # v5.15
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
v2:
- add missing Steve's signoff tag.
fs/ksmbd/smb2pdu.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 589694af4e95..9ae1d19ebc38 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -1700,8 +1700,10 @@ int smb2_sess_setup(struct ksmbd_work *work)
negblob_off = le16_to_cpu(req->SecurityBufferOffset);
negblob_len = le16_to_cpu(req->SecurityBufferLength);
if (negblob_off < (offsetof(struct smb2_sess_setup_req, Buffer) - 4) ||
- negblob_len < offsetof(struct negotiate_message, NegotiateFlags))
- return -EINVAL;
+ negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) {
+ rc = -EINVAL;
+ goto out_err;
+ }
negblob = (struct negotiate_message *)((char *)&req->hdr.ProtocolId +
negblob_off);
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v2 BACKPORT for 5.15 stable] ksmbd: Fix an error handling path in 'smb2_sess_setup()'
2021-11-28 13:04 [PATCH v2 BACKPORT for 5.15 stable] ksmbd: Fix an error handling path in 'smb2_sess_setup()' Namjae Jeon
@ 2021-11-29 12:12 ` Greg KH
2021-11-29 20:16 ` Namjae Jeon
0 siblings, 1 reply; 3+ messages in thread
From: Greg KH @ 2021-11-29 12:12 UTC (permalink / raw)
To: Namjae Jeon; +Cc: stable, christophe.jaillet, stfrench
On Sun, Nov 28, 2021 at 10:04:03PM +0900, Namjae Jeon wrote:
> From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
>
> All the error handling paths of 'smb2_sess_setup()' end to 'out_err'.
>
> All but the new error handling path added by the commit given in the Fixes
> tag below.
>
> Fix this error handling path and branch to 'out_err' as well.
>
> Fixes: 0d994cd482ee ("ksmbd: add buffer validation in session setup")
> Cc: stable@vger.kernel.org # v5.15
> Acked-by: Namjae Jeon <linkinjeon@kernel.org>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> Signed-off-by: Steve French <stfrench@microsoft.com>
> ---
> v2:
> - add missing Steve's signoff tag.
What is the git id of this in Linus's tree?
And why no signed-off-by: from you? Please add that when doing
backports and you have to change things.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2 BACKPORT for 5.15 stable] ksmbd: Fix an error handling path in 'smb2_sess_setup()'
2021-11-29 12:12 ` Greg KH
@ 2021-11-29 20:16 ` Namjae Jeon
0 siblings, 0 replies; 3+ messages in thread
From: Namjae Jeon @ 2021-11-29 20:16 UTC (permalink / raw)
To: Greg KH; +Cc: stable, christophe.jaillet, stfrench
2021-11-29 21:12 GMT+09:00, Greg KH <gregkh@linuxfoundation.org>:
> On Sun, Nov 28, 2021 at 10:04:03PM +0900, Namjae Jeon wrote:
>> From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
>>
>> All the error handling paths of 'smb2_sess_setup()' end to 'out_err'.
>>
>> All but the new error handling path added by the commit given in the
>> Fixes
>> tag below.
>>
>> Fix this error handling path and branch to 'out_err' as well.
>>
>> Fixes: 0d994cd482ee ("ksmbd: add buffer validation in session setup")
>> Cc: stable@vger.kernel.org # v5.15
>> Acked-by: Namjae Jeon <linkinjeon@kernel.org>
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
>> Signed-off-by: Steve French <stfrench@microsoft.com>
>> ---
>> v2:
>> - add missing Steve's signoff tag.
Hi Greg,
>
> What is the git id of this in Linus's tree?
Sorry for that, My mistake, This patch in Linus's tree doesn't apply
to linux-5.15.
I found out later that I hadn't copied while re-creating it.
>
> And why no signed-off-by: from you? Please add that when doing
> backports and you have to change things.
Ah, I didn't know my signoff-by should add it. and I will do that next time :)
Thanks for your mail!
>
> thanks,
>
> greg k-h
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-11-29 22:34 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-28 13:04 [PATCH v2 BACKPORT for 5.15 stable] ksmbd: Fix an error handling path in 'smb2_sess_setup()' Namjae Jeon
2021-11-29 12:12 ` Greg KH
2021-11-29 20:16 ` Namjae Jeon
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.