[v4,3/5] ksmbd: Fix wrong return value in smb2_ioctl() when wrong out_buf_len

Message ID 20220901142413.3351804-4-zhangxiaoxu5@huawei.com (mailing list archive)
State New, archived
Series Fix some bug in FSCTL_VALIDATE_NEGOTIATE_INFO handler

Commit Message

Zhang Xiaoxu Sept. 1, 2022, 2:24 p.m. UTC
When the out_buf_len is less than the size of struct
validate_negotiate_info_rsp, should goto out to initialize the
status in the response header.

Fixes: f7db8fd03a4bc ("ksmbd: add validation in smb2_ioctl")
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Cc: <stable@vger.kernel.org>
---
 fs/ksmbd/smb2pdu.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Tom Talpey Sept. 2, 2022, 1:29 p.m. UTC | #1
Reviewed-by: Tom Talpey <tom@talpey.com>

On 9/1/2022 10:24 AM, Zhang Xiaoxu wrote:
> When the out_buf_len is less than the size of struct
> validate_negotiate_info_rsp, should goto out to initialize the
> status in the response header.
> 
> Fixes: f7db8fd03a4bc ("ksmbd: add validation in smb2_ioctl")
> Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
> Cc: <stable@vger.kernel.org>
> ---
>   fs/ksmbd/smb2pdu.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
> index c9f400bbb814..7da0ec466887 100644
> --- a/fs/ksmbd/smb2pdu.c
> +++ b/fs/ksmbd/smb2pdu.c
> @@ -7640,8 +7640,10 @@ int smb2_ioctl(struct ksmbd_work *work)
>   			goto out;
>   		}
>   
> -		if (out_buf_len < sizeof(struct validate_negotiate_info_rsp))
> -			return -EINVAL;
> +		if (out_buf_len < sizeof(struct validate_negotiate_info_rsp)) {
> +			ret = -EINVAL;
> +			goto out;
> +		}
>   
>   		ret = fsctl_validate_negotiate_info(conn,
>   			(struct validate_negotiate_info_req *)&req->Buffer[0],
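
Review bot: The new `ret = -EINVAL; goto out;` branch relies on the `out` label turning -EINVAL into a response status, and neither this hunk nor the commit message says which status that is. Please name in the commit message the status the client receives when out_buf_len is too small, and what the old bare `return -EINVAL` left in the response header, so the stable maintainers can judge the impact from the log alone.
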
Namjae Jeon Sept. 2, 2022, 2:35 p.m. UTC | #2
2022-09-02 22:29 GMT+09:00, Tom Talpey <tom@talpey.com>:
> Reviewed-by: Tom Talpey <tom@talpey.com>
>
> On 9/1/2022 10:24 AM, Zhang Xiaoxu wrote:
>> When the out_buf_len is less than the size of struct
>> validate_negotiate_info_rsp, should goto out to initialize the
>> status in the response header.
>>
>> Fixes: f7db8fd03a4bc ("ksmbd: add validation in smb2_ioctl")
>> Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
>> Cc: <stable@vger.kernel.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>

Zhang, can you Cc me on the next spin?

Patch

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index c9f400bbb814..7da0ec466887 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -7640,8 +7640,10 @@  int smb2_ioctl(struct ksmbd_work *work)
 			goto out;
 		}
 
-		if (out_buf_len < sizeof(struct validate_negotiate_info_rsp))
-			return -EINVAL;
+		if (out_buf_len < sizeof(struct validate_negotiate_info_rsp)) {
+			ret = -EINVAL;
+			goto out;
+		}
 
 		ret = fsctl_validate_negotiate_info(conn,
 			(struct validate_negotiate_info_req *)&req->Buffer[0],
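
Review bot: In the context lines after the new block, `&req->Buffer[0]` is cast to `struct validate_negotiate_info_req *`, while the only length check visible in this hunk covers the output side (`out_buf_len`). Please confirm that the check ending in the `goto out` at the top of the hunk bounds the input length against `sizeof(struct validate_negotiate_info_req)` before this cast is reached. If it does, a one-line comment above each check saying which buffer it guards would make the pairing obvious to the next reader.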