smb: client: fix potential OOB in cifs_dump_detail()
authorPaulo Alcantara <pc@manguebit.com>
Sat, 16 Dec 2023 04:10:04 +0000 (01:10 -0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 1 Jan 2024 12:42:43 +0000 (12:42 +0000)
commit b50492b05fd02887b46aef079592207fb5c97a4c upstream.

Validate SMB message with ->check_message() before calling
->calc_smb_size().

Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/smb/client/cifs_debug.c

index 16282ec..a2584ad 100644 (file)
@@ -40,11 +40,13 @@ void cifs_dump_detail(void *buf, struct TCP_Server_Info *server)
 #ifdef CONFIG_CIFS_DEBUG2
        struct smb_hdr *smb = buf;
 
-       cifs_dbg(VFS, "Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d\n",
-                smb->Command, smb->Status.CifsError,
-                smb->Flags, smb->Flags2, smb->Mid, smb->Pid);
-       cifs_dbg(VFS, "smb buf %p len %u\n", smb,
-                server->ops->calc_smb_size(smb));
+       cifs_dbg(VFS, "Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d Wct: %d\n",
+                smb->Command, smb->Status.CifsError, smb->Flags,
+                smb->Flags2, smb->Mid, smb->Pid, smb->WordCount);
+       if (!server->ops->check_message(buf, server->total_read, server)) {
+               cifs_dbg(VFS, "smb buf %p len %u\n", smb,
+                        server->ops->calc_smb_size(smb));
+       }
 #endif /* CONFIG_CIFS_DEBUG2 */
 }
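Review bot: The first `cifs_dbg()` still reads `smb->Command` through the newly added `smb->WordCount` before `->check_message()` runs, so the validation guards only the `->calc_smb_size()` call. Whether `buf` always holds at least a full `struct smb_hdr` cannot be determined from this hunk (the function's signature appears only in the hunk header); if it can be shorter, move the check above both prints or document the minimum length callers must guarantee. The check also assumes `server->total_read` is the length of `buf`, which holds only if every caller passes the buffer currently being received; a comment such as `/* buf must be the current receive buffer; server->total_read is its valid length */` would make that contract explicit. When validation fails the length line is skipped silently, so an `else cifs_dbg(VFS, "smb buf %p failed validation, length not computed\n", smb);` branch would tell whoever reads the log why it is missing.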