Re: [PATCH v2 1/4] ksmbd: add request buffer validation in smb2_set_info

From: Steve French <smfrench@gmail.com>
To: Ralph Boehme <slow@samba.org>
Cc: Namjae Jeon <linkinjeon@kernel.org>,
	CIFS <linux-cifs@vger.kernel.org>,
	Ronnie Sahlberg <ronniesahlberg@gmail.com>
Subject: Re: [PATCH v2 1/4] ksmbd: add request buffer validation in smb2_set_info
Date: Mon, 20 Sep 2021 10:10:50 -0500	[thread overview]
Message-ID: <CAH2r5mt8gxSS56kDvmtRTOi7Dm0fXwD6zL45WAP2hw2_TxDPow@mail.gmail.com> (raw)
In-Reply-To: <27cdc659-cf4d-cc9e-e5c5-6a3d23987e72@samba.org>

On Mon, Sep 20, 2021 at 10:03 AM Ralph Boehme <slow@samba.org> wrote:
>
> Am 20.09.21 um 16:45 schrieb Ralph Boehme:
> > Am 19.09.21 um 04:13 schrieb Namjae Jeon:
> >> Use  LOOKUP_NO_SYMLINKS flags for default lookup to prohibit the
> >> middle of symlink component lookup.
> >
> > maybe this patch should be squashed with the "ksmbd: remove follow
> > symlinks support" patch?
>
> also, I noticed that the patches are already included in ksmbd-for-next.
> Did I miss Steve's ack on the ML?
>
> I wonder why the patches are already included in ksmbd-for-next without
> a proper review, I just started to look at the patches and wanted to
> raise several issues.

I included them at Namjae's request in for-next to allow the automated
tests to run on them (e.g. the Intel test robot etc.) - those
automated bots can be useful ... but I had done some review of all of
them, and detailed review of most, and had run the automated tests
(buildbot) on them (which passed, even after adding more subtests),
and the smbtorture tests were also automatically run (it is triggered
in Namjae's github setup).

Of the 8 patches in for-next, these 3 are the remaining ones that I am
looking at in more detail now:

24f0f4fc5f76 ksmbd: use LOOKUP_NO_SYMLINKS flags for default lookup
1ec1e6928354 ksmbd: add buffer validation for SMB2_CREATE_CONTEXT
e2cd5c814442 ksmbd: add validation in smb2_ioctl

-- 
Thanks,

Steve