linux-cifs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Aurélien Aptel" <aaptel@suse.com>
To: Murphy Zhou <jencce.kernel@gmail.com>, linux-cifs@vger.kernel.org
Subject: Re: [PATCH] CIFS: fix max ea value size
Date: Sat, 21 Sep 2019 20:23:32 +0200	[thread overview]
Message-ID: <878sqhfqzf.fsf@suse.com> (raw)
In-Reply-To: <20190921112600.utzouyddp3cdmxhe@XZHOUW.usersys.redhat.com>

"Murphy Zhou" <jencce.kernel@gmail.com> writes:
> It should not be larger then the slab max buf size. If user
> specifies a larger size, it passes this check and goes
> straightly to SMB2_set_info_init performing an insecure memcpy.

It's even smaller than that as CIFSMaxBufSize is the max size for the
whole packet IIRC. The EA payload needs to fit into that. So it should
be CIFSMaxBufSize-(largest SMB2 header size + Set EA initial
header). And if we set multiple EA at the same time it has to be divided
by the number of EAs etc...

Cheers,
-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

  reply	other threads:[~2019-09-21 18:23 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-21 11:26 [PATCH] CIFS: fix max ea value size Murphy Zhou
2019-09-21 18:23 ` Aurélien Aptel [this message]
2019-09-22  1:25   ` Murphy Zhou
2019-09-24  5:24     ` Steve French
2019-09-24 21:16     ` Aurélien Aptel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=878sqhfqzf.fsf@suse.com \
    --to=aaptel@suse.com \
    --cc=jencce.kernel@gmail.com \
    --cc=linux-cifs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).