ksmbd: check protocol id in ksmbd_verify_smb_message() (18a015bc) · Commits · EulixOS / Software / Kernel

fs/ksmbd/smb2pdu.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -433,7 +433,7 @@ static void init_chained_smb2_rsp(struct ksmbd_work *work)
		work->compound_pfid = KSMBD_NO_FID;
		}
		memset((char *)rsp_hdr + 4, 0, sizeof(struct smb2_hdr) + 2);
		rsp_hdr->ProtocolId = rcv_hdr->ProtocolId;
		rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER;
		rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE;
		rsp_hdr->Command = rcv_hdr->Command;

+9 −4

Original line number	Diff line number	Diff line
		@@ -129,16 +129,22 @@ int ksmbd_lookup_protocol_idx(char *str)
		*
		* check for valid smb signature and packet direction(request/response)
		*
		* Return: 0 on success, otherwise 1
		* Return: 0 on success, otherwise -EINVAL
		*/
		int ksmbd_verify_smb_message(struct ksmbd_work *work)
		{
		struct smb2_hdr *smb2_hdr = work->request_buf;
		struct smb2_hdr *smb2_hdr = work->request_buf + work->next_smb2_rcv_hdr_off;
		struct smb_hdr *hdr;

		if (smb2_hdr->ProtocolId == SMB2_PROTO_NUMBER)
		return ksmbd_smb2_check_message(work);

		hdr = work->request_buf;
		if ((__le32 )hdr->Protocol == SMB1_PROTO_NUMBER &&
		hdr->Command == SMB_COM_NEGOTIATE)
		return 0;

		return -EINVAL;
		}

		/**
		@@ -265,7 +271,6 @@ static int ksmbd_negotiate_smb_dialect(void *buf)
		return BAD_PROT_ID;
		}

		#define SMB_COM_NEGOTIATE 0x72
		int ksmbd_init_smb_server(struct ksmbd_work *work)
		{
		struct ksmbd_conn *conn = work->conn;

+1 −0

Original line number	Diff line number	Diff line
		@@ -210,6 +210,7 @@
		FILE_READ_ATTRIBUTES \| FILE_WRITE_ATTRIBUTES)

		#define SMB1_PROTO_NUMBER cpu_to_le32(0x424d53ff)
		#define SMB_COM_NEGOTIATE 0x72

		#define SMB1_CLIENT_GUID_SIZE (16)
		struct smb_hdr {