ksmbd: validate compound response buffer
authorNamjae Jeon <linkinjeon@kernel.org>
Mon, 11 Oct 2021 10:15:25 +0000 (19:15 +0900)
committerSteve French <stfrench@microsoft.com>
Thu, 14 Oct 2021 04:37:19 +0000 (23:37 -0500)
Add a check to validate the compound response buffer.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/ksmbd/smb2pdu.c

index 7b4689f..89c187a 100644 (file)
@@ -449,6 +449,12 @@ bool is_chained_smb2_message(struct ksmbd_work *work)
                        return false;
                }
 
+               if ((u64)get_rfc1002_len(work->response_buf) + MAX_CIFS_SMALL_BUFFER_SIZE >
+                   work->response_sz) {
+                       pr_err("next response offset exceeds response buffer size\n");
+                       return false;
+               }
+
                ksmbd_debug(SMB, "got SMB2 chained command\n");
                init_chained_smb2_rsp(work);
                return true;
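Review bot: The added `pr_err()` in the new bounds-check branch logs at error level with no rate limit, on a path that appears to be reachable from a client's compound request, so a peer that keeps sending long chains could flood the kernel log; `pr_err_ratelimited("next response offset exceeds response buffer size\n");` would bound that. The branch also returns `false`, the same value this function uses for "no further chained command", so the caller cannot tell that the rest of the chain was dropped because the response buffer ran out; whether an error status reaches the client is not visible in this hunk. A one-line comment above the check would help the next reader, for example `/* require room for one more small response after the current one */`, if that is the intent of adding MAX_CIFS_SMALL_BUFFER_SIZE. The body of is_chained_smb2_message starts and ends outside the hunk.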