[{"id":3677437,"web_url":"http://patchwork.ozlabs.org/comment/3677437/","msgid":"","list_archive_url":null,"date":"2026-04-15T02:05:45","subject":"Re: [PATCH 2/3] ksmbd: reject negative ngroups in ksmbd_alloc_user()","submitter":{"id":79386,"url":"http://patchwork.ozlabs.org/api/people/79386/","name":"Namjae Jeon","email":"linkinjeon@kernel.org"},"content":"> diff --git a/fs/smb/server/mgmt/user_config.c b/fs/smb/server/mgmt/user_config.c\n> index a3183fe5c536..c62e2bf0ebef 100644\n> --- a/fs/smb/server/mgmt/user_config.c\n> +++ b/fs/smb/server/mgmt/user_config.c\n> @@ -56,8 +56,8 @@ struct ksmbd_user *ksmbd_alloc_user(struct ksmbd_login_response *resp,\n> goto err_free;\n>\n> if (resp_ext) {\n> - if (resp_ext->ngroups > NGROUPS_MAX) {\n> - pr_err(\"ngroups(%u) from login response exceeds max groups(%d)\\n\",\n> + if (resp_ext->ngroups < 0 || resp_ext->ngroups > NGROUPS_MAX) {\n> + pr_err(\"ngroups(%d) from login response exceeds max groups(%d)\\n\",\nWith the previous patch (\"ksmbd: cap response sizes in\nipc_validate_msg()\"), negative ngroups is now rejected early in IPC\nvalidation.\nHowever, ksmbd_alloc_user() still needs an explicit negative check ?\n\n> resp_ext->ngroups, NGROUPS_MAX);\n> goto err_free;\n> }\n> --\n> 2.53.0","headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","linux-cifs@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=gyLiJ5re;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=linux-cifs+bounces-10824-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"gyLiJ5re\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"],"Received":["from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fwPfn0HMCz1yHM\n\tfor ; Wed, 15 Apr 2026 12:07:28 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 333DD30812E6\n\tfor ; Wed, 15 Apr 2026 02:06:02 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 40A9927A916;\n\tWed, 15 Apr 2026 02:05:59 +0000 (UTC)","from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 1DDEA189B84\n\tfor ; Wed, 15 Apr 2026 02:05:58 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id BA37FC4AF0B\n\tfor ; Wed, 15 Apr 2026 02:05:58 +0000 (UTC)","by mail-ed1-f52.google.com with SMTP id\n 4fb4d7f45d1cf-65c0891f4e9so10556830a12.1\n for ;\n Tue, 14 Apr 2026 19:05:58 -0700 (PDT)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776218759; cv=none;\n b=Y4Nw2zbiiwIRy4SkuIoWlJ6TL7HlbdhGMPepCXseJO7GR8uJzZCrCW4JIP8g19NGyBgBAVP9LmslhU8kPo0aAjDpTYoQPluXsCUKqiB2VY1xVD/CzmTplEGH/uT4kabLb+5oNioyk0hNGuGj2jCNQ35G/66Q6xx2WSbFCmEvOVw=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776218759; c=relaxed/simple;\n\tbh=ZRAPSS779XlvSrcDbAnAYpBjhtSu2NTgxiO1w/TXAbY=;\n\th=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:\n\t To:Cc:Content-Type;\n b=TpSlROQUf1q76sctHNHC1whrMpLvWrYULYNQxLYs5+EG0Pp1oLVN2FiYQv6eMX5XQGKUi3YBOF38qE1eKJVwtH8TDKGZpEQvxSEdFUATi86N6JbZMWPVEyuBLLFPfHB7wSTTkN3a2kkU48w3TiiuSPeUeDrjPtMjjXDqswUHLrY=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=gyLiJ5re; arc=none smtp.client-ip=10.30.226.201","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1776218758;\n\tbh=ZRAPSS779XlvSrcDbAnAYpBjhtSu2NTgxiO1w/TXAbY=;\n\th=References:In-Reply-To:From:Date:Subject:To:Cc:From;\n\tb=gyLiJ5re7ez32jpagsSGWzStuD1Mg2TwIDQcMsrQtroQCpdgLRghns5SClBDP8k7L\n\t y4MoZLkk+GIuLkNbLKFiHbzp8MGhkuk3F60ruy4ivlO4BIEkQJEpEyaBtH3gl6tCpY\n\t 99AZQypuPzb2o9yeFJW3cKOUX2fvvd+kehZWn9qgPMU37z95Qo3Eq7l3l6rCf7oOh/\n\t qQVKH9YWEM46M0B/dUk5OPfEcVFH43xexIaEKiE/cc3h0wTx5TPulDL2OSJyfttcOs\n\t s9jgBS+HWrnI1XwXKRLp8DjQLGv6JLX9Xyp1U79tFiJ9cDKnnGjjncGMy/FJUIYD1G\n\t 2mrPp4zRmnDbw==","X-Gm-Message-State":"AOJu0YzFjdSlMWvVxyyoL/Yp+gXe1Lc+jteyn+4g2EwT69TlPGCWH+a0\n\tHPZYGLKzI8hNzmgUbhPr//77UoLK/CvHkQ4Vo0OAayDYWyG8FPMPZcLWf8w7EIhH4m1EMfh2BTN\n\tBXeWWKKJFuwiqX94iEzHL6fGfKnWRQJM=","X-Received":"by 2002:a05:6402:613:b0:671:8ba1:e8ab with SMTP id\n 4fb4d7f45d1cf-6718ba1e9a7mr3948658a12.1.1776218757351; Tue, 14 Apr 2026\n 19:05:57 -0700 (PDT)","Precedence":"bulk","X-Mailing-List":"linux-cifs@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","References":"<20260414191533.1467353-1-michael.bommarito@gmail.com>\n <20260414191533.1467353-3-michael.bommarito@gmail.com>","In-Reply-To":"<20260414191533.1467353-3-michael.bommarito@gmail.com>","From":"Namjae Jeon ","Date":"Wed, 15 Apr 2026 11:05:45 +0900","X-Gmail-Original-Message-ID":"\n ","X-Gm-Features":"AQROBzDVcTh38pxAIFoU8LssRoT-lh6vuP27HlEXphQNJLuEscIkchrpbrrRx9s","Message-ID":"\n ","Subject":"Re: [PATCH 2/3] ksmbd: reject negative ngroups in ksmbd_alloc_user()","To":"Michael Bommarito ","Cc":"linux-cifs@vger.kernel.org, Steve French ,\n\tSergey Senozhatsky , Tom Talpey ,\n stable@vger.kernel.org","Content-Type":"text/plain; charset=\"UTF-8\""}}]