From: Namjae Jeon <linkinjeon@kernel.org>
Date: Mon, 11 Oct 2021 10:15:25 +0000 (+0900)
Subject: ksmbd: validate compound response buffer
X-Git-Tag: v5.15~36^2~6
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=dbad63001eac3abeeb2b66ddf71504e8ab128c5c;p=platform%2Fkernel%2Flinux-starfive.git

ksmbd: validate compound response buffer

Add the check to validate compound response buffer.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 7b4689f..89c187a 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -449,6 +449,12 @@ bool is_chained_smb2_message(struct ksmbd_work *work)
 			return false;
 		}
 
+		if ((u64)get_rfc1002_len(work->response_buf) + MAX_CIFS_SMALL_BUFFER_SIZE >
+		    work->response_sz) {
+			pr_err("next response offset exceeds response buffer size\n");
+			return false;
+		}
+
 		ksmbd_debug(SMB, "got SMB2 chained command\n");
 		init_chained_smb2_rsp(work);
 		return true;