[4/6] ksmbd: smb2: Allow messages padded to 8byte boundary

Message ID	20230505151108.5911-4-linkinjeon@kernel.org
State	New
Headers	show Return-Path: <linux-cifs-owner@vger.kernel.org> From: Namjae Jeon <linkinjeon@kernel.org> To: linux-cifs@vger.kernel.org Cc: smfrench@gmail.com, senozhatsky@chromium.org, tom@talpey.com, atteh.mailbox@gmail.com, Namjae Jeon <linkinjeon@kernel.org>, Gustav Johansson <gustajo@axis.com> Subject: [PATCH 4/6] ksmbd: smb2: Allow messages padded to 8byte boundary Date: Sat, 6 May 2023 00:11:06 +0900 Message-Id: <20230505151108.5911-4-linkinjeon@kernel.org> In-Reply-To: <20230505151108.5911-1-linkinjeon@kernel.org> References: <20230505151108.5911-1-linkinjeon@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[1/6] ksmbd: fix global-out-of-bounds in smb2_find_context_vals \| expand [1/6] ksmbd: fix global-out-of-bounds in smb2_find_context_vals [2/6] ksmbd: fix wrong UserName check in session_user [3/6] ksmbd: allocate one more byte for implied bcc[0] [4/6] ksmbd: smb2: Allow messages padded to 8byte boundary [5/6] ksmbd: remove unused ksmbd_tree_conn_share function [6/6] ksmbd: use kzalloc() instead of __GFP_ZERO

Message ID

20230505151108.5911-4-linkinjeon@kernel.org

State

New

Headers

From: Namjae Jeon <linkinjeon@kernel.org>
To: linux-cifs@vger.kernel.org
Cc: smfrench@gmail.com, senozhatsky@chromium.org, tom@talpey.com,
        atteh.mailbox@gmail.com, Namjae Jeon <linkinjeon@kernel.org>,
        Gustav Johansson <gustajo@axis.com>
Subject: [PATCH 4/6] ksmbd: smb2: Allow messages padded to 8byte boundary
Date: Sat,  6 May 2023 00:11:06 +0900
Message-Id: <20230505151108.5911-4-linkinjeon@kernel.org>
In-Reply-To: <20230505151108.5911-1-linkinjeon@kernel.org>
References: <20230505151108.5911-1-linkinjeon@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[1/6] ksmbd: fix global-out-of-bounds in smb2_find_context_vals | expand

Commit Message

Namjae Jeon May 5, 2023, 3:11 p.m. UTC

From: Gustav Johansson <gustajo@axis.com>

clc length is now accepted to <= 8 less than length,
rather than < 8.

Solve issues on some of Axis's smb clients which send
messages where clc length is 8 bytes less than length.

The specific client was running kernel 4.19.217 with
smb dialect 3.0.2 on armv7l.

Signed-off-by: Gustav Johansson <gustajo@axis.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
---
 fs/ksmbd/smb2misc.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c
index fbdde426dd01..0ffe663b7590 100644
--- a/fs/ksmbd/smb2misc.c
+++ b/fs/ksmbd/smb2misc.c
@@ -416,8 +416,11 @@  int ksmbd_smb2_check_message(struct ksmbd_work *work)
 
 		/*
 		 * Allow a message that padded to 8byte boundary.
+		 * Linux 4.19.217 with smb 3.0.2 are sometimes
+		 * sending messages where the cls_len is exactly
+		 * 8 bytes less than len.
 		 */
-		if (clc_len < len && (len - clc_len) < 8)
+		if (clc_len < len && (len - clc_len) <= 8)
 			goto validate_credit;
 
 		pr_err_ratelimited(

[4/6] ksmbd: smb2: Allow messages padded to 8byte boundary

Commit Message

Patch