ksmbd: validate command request size

Message ID 20230729033618.3330897-1-leo.lilong@huawei.com
State New

Commit Message

Long Li July 29, 2023, 3:36 a.m. UTC
In commit 2b9b8f3b68ed ("ksmbd: validate command payload size"), except
for the SMB2_OPLOCK_BREAK_HE command, the request size of other commands
is not checked, which is not expected. Fix it by adding a check for the
request size of other commands.

Fixes: 2b9b8f3b68ed ("ksmbd: validate command payload size")
Signed-off-by: Long Li <leo.lilong@huawei.com>
---
 fs/smb/server/smb2misc.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Comments

Namjae Jeon July 29, 2023, 11:18 a.m. UTC | #1
2023-07-29 12:36 GMT+09:00, Long Li <leo.lilong@huawei.com>:
> In commit 2b9b8f3b68ed ("ksmbd: validate command payload size"), except
> for the SMB2_OPLOCK_BREAK_HE command, the request size of other commands
> is not checked, which is not expected. Fix it by adding a check for the
> request size of other commands.
>
> Fixes: 2b9b8f3b68ed ("ksmbd: validate command payload size")
> Signed-off-by: Long Li <leo.lilong@huawei.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>

Applied it to #ksmbd-for-next-next.

Thanks.

Patch

diff --git a/fs/smb/server/smb2misc.c b/fs/smb/server/smb2misc.c
index 33b7e6c4ceff..e881df1d10cb 100644
--- a/fs/smb/server/smb2misc.c
+++ b/fs/smb/server/smb2misc.c
@@ -380,13 +380,13 @@  int ksmbd_smb2_check_message(struct ksmbd_work *work)
 	}
 
 	if (smb2_req_struct_sizes[command] != pdu->StructureSize2) {
-		if (command == SMB2_OPLOCK_BREAK_HE &&
-		    le16_to_cpu(pdu->StructureSize2) != OP_BREAK_STRUCT_SIZE_20 &&
-		    le16_to_cpu(pdu->StructureSize2) != OP_BREAK_STRUCT_SIZE_21) {
+		if (!(command == SMB2_OPLOCK_BREAK_HE &&
+		    (le16_to_cpu(pdu->StructureSize2) == OP_BREAK_STRUCT_SIZE_20 ||
+		    le16_to_cpu(pdu->StructureSize2) == OP_BREAK_STRUCT_SIZE_21))) {
 			/* special case for SMB2.1 lease break message */
 			ksmbd_debug(SMB,
-				    "Illegal request size %d for oplock break\n",
-				    le16_to_cpu(pdu->StructureSize2));
+				"Illegal request size %u for command %d\n",
+				le16_to_cpu(pdu->StructureSize2), command);
 			return 1;
 		}
 	}
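
Review bot: the retained comment `/* special case for SMB2.1 lease break message */` now sits at the top of the branch that rejects any command whose StructureSize2 mismatches, so it no longer describes the code beneath it. Move it above the `if (!(command == SMB2_OPLOCK_BREAK_HE &&` condition and have it say that only the oplock-break sizes OP_BREAK_STRUCT_SIZE_20 and OP_BREAK_STRUCT_SIZE_21 are exempt from the table check. The negated compound condition is also hard to audit, and its third line is aligned with the second although it belongs inside the inner parentheses; indenting it one column further, or testing the oplock-break exemption first and rejecting otherwise, would make the accept/reject logic easier to read. The ksmbd_debug arguments also lost their alignment with the opening parenthesis.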