diff mbox series

fs/smb/server: fix off-by-one in ksmbd_nl_policy

Message ID ZbAmi0VQRY2zdLN6@westworld (mailing list archive)
State New, archived
Headers show
Series fs/smb/server: fix off-by-one in ksmbd_nl_policy | expand

Commit Message

Kyle Zeng Jan. 23, 2024, 8:50 p.m. UTC
The size of the policy array should be one larger than genl_family.maxattr, or it
will lead to an off-by-one read during nlattr parsing because
gennl_family.maxattr should be the *largest expected* value

Signed-off-by: Kyle Zeng <zengyhkyle@gmail.com>
---
 fs/smb/server/transport_ipc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Namjae Jeon Jan. 24, 2024, 1:37 a.m. UTC | #1
2024-01-24 5:50 GMT+09:00, Kyle Zeng <zengyhkyle@gmail.com>:
> The size of the policy array should be one larger than genl_family.maxattr,
> or it
> will lead to an off-by-one read during nlattr parsing because
> gennl_family.maxattr should be the *largest expected* value
>
> Signed-off-by: Kyle Zeng <zengyhkyle@gmail.com>
> ---
>  fs/smb/server/transport_ipc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c
> index b49d47bdafc..185db4d7f2b 100644
> --- a/fs/smb/server/transport_ipc.c
> +++ b/fs/smb/server/transport_ipc.c
> @@ -74,7 +74,7 @@ static int handle_unsupported_event(struct sk_buff *skb,
> struct genl_info *info)
>  static int handle_generic_event(struct sk_buff *skb, struct genl_info
> *info);
>  static int ksmbd_ipc_heartbeat_request(void);
>
> -static const struct nla_policy ksmbd_nl_policy[KSMBD_EVENT_MAX] = {
> +static const struct nla_policy ksmbd_nl_policy[KSMBD_EVENT_MAX + 1] = {'
Have you checked the following patch ? And can this patch replace the
patch below?

https://lore.kernel.org/lkml/20240121073506.84528-1-linma@zju.edu.cn/t/

Thanks.
>  	[KSMBD_EVENT_UNSPEC] = {
>  		.len = 0,
>  	},
> --
> 2.34.1
>
>
diff mbox series

Patch

diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c
index b49d47bdafc..185db4d7f2b 100644
--- a/fs/smb/server/transport_ipc.c
+++ b/fs/smb/server/transport_ipc.c
@@ -74,7 +74,7 @@  static int handle_unsupported_event(struct sk_buff *skb, struct genl_info *info)
 static int handle_generic_event(struct sk_buff *skb, struct genl_info *info);
 static int ksmbd_ipc_heartbeat_request(void);
 
-static const struct nla_policy ksmbd_nl_policy[KSMBD_EVENT_MAX] = {
+static const struct nla_policy ksmbd_nl_policy[KSMBD_EVENT_MAX + 1] = {
 	[KSMBD_EVENT_UNSPEC] = {
 		.len = 0,
 	},