ksmbd: limit pdu length size according to connection status
author Namjae Jeon <linkinjeon@kernel.org>
Tue, 24 Jan 2023 15:13:20 +0000 (00:13 +0900)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 1 Feb 2023 07:27:24 +0000 (08:27 +0100)
commit 33a9657d67a46e696617554bc467ebbaddbb4dbc
tree fba9dfd017fa62af9c3a4c525689a48465a284ce
parent 8d83a758ee21d6c65bf9ed666e28b27dc7c5bde8
ksmbd: limit pdu length size according to connection status

commit 62c487b53a7ff31e322cf2874d3796b8202c54a5 upstream.

Stream protocol length will never be larger than 16KB until session setup.
After session setup, the size of requests will not be larger than
16KB + SMB2 MAX WRITE size. This patch limits these invalidly oversized
requests and closes the connection immediately.

Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers")
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-18259
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ksmbd/connection.c
fs/ksmbd/smb2pdu.h
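
The state-dependent length limit described in the commit message, written out as an added C example; it is not the ksmbd patch or any code from this commit. All function and macro names are hypothetical, the 4 MiB maximum write size is a constructed sample value, and the 4-byte stream header with a 24-bit big-endian length is an assumption about the framing.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names are hypothetical; only the two limits come from the commit message. */
#define PRE_SESSION_MAX_PDU (16u * 1024u)        /* 16KB until session setup */
#define SAMPLE_MAX_WRITE    (4u * 1024u * 1024u) /* constructed value, assumption */

enum conn_state { CONN_NEED_SESSION_SETUP, CONN_SESSION_ESTABLISHED };

/* Assumption: 4-byte stream header, length in the low 24 bits, big-endian. */
static uint32_t stream_pdu_len(const uint8_t hdr[4])
{
    return ((uint32_t)hdr[1] << 16) | ((uint32_t)hdr[2] << 8) | hdr[3];
}

/* Upper bound for the current state; 64-bit so the sum cannot wrap. */
static uint64_t max_pdu_len(enum conn_state st, uint32_t max_write)
{
    uint64_t limit = PRE_SESSION_MAX_PDU;

    if (st == CONN_SESSION_ESTABLISHED)
        limit += max_write;
    return limit;
}

/* false means: treat the request as invalid and close the connection. */
bool pdu_len_ok(const uint8_t hdr[4], enum conn_state st, uint32_t max_write)
{
    return stream_pdu_len(hdr) <= max_pdu_len(st, max_write);
}

int main(void)
{
    /* Constructed headers: 16384, 16385 and 0xFFFFFF bytes announced. */
    const uint8_t hdrs[3][4] = {
        {0x00, 0x00, 0x40, 0x00}, {0x00, 0x00, 0x40, 0x01}, {0x00, 0xFF, 0xFF, 0xFF}
    };

    for (int i = 0; i < 3; i++)
        printf("len=%u pre=%d post=%d\n", stream_pdu_len(hdrs[i]),
               pdu_len_ok(hdrs[i], CONN_NEED_SESSION_SETUP, SAMPLE_MAX_WRITE),
               pdu_len_ok(hdrs[i], CONN_SESSION_ESTABLISHED, SAMPLE_MAX_WRITE));
    return 0;
}
```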