Commit 63f46b60 authored by Namjae Jeon's avatar Namjae Jeon Committed by Zhong Jinghua

ksmbd: add reserved room in ipc request/response

mainline inclusion
from mainline-5.17-rc1
commit 41dbda16
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G
CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/41dbda16a090



-------------------------------

Whenever a new parameter is added to the smb configuration, it is possible
to break the execution of the IPC daemon through a size mismatch in the
request/response. This patch tries to reserve space in the ipc request/response
in advance to prevent that.

Signed-off-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
Signed-off-by: default avatarJason Yan <yanaijie@huawei.com>
Signed-off-by: default avatarZhong Jinghua <zhongjinghua@huawei.com>
parent d7b1689c
+10 −1
@@ -104,6 +104,7 @@ struct ksmbd_startup_request {
					 */
	__u32	sub_auth[3];		/* Subauth value for Security ID */
	__u32	smb2_max_credits;	/* MAX credits */
	__u32	reserved[128];		/* Reserved room */
	__u32	ifc_list_sz;		/* interfaces list size */
	__s8	____payload[];
};
@@ -114,7 +115,7 @@ struct ksmbd_startup_request {
 * IPC request to shutdown ksmbd server.
 */
struct ksmbd_shutdown_request {
	__s32	reserved;
	__s32	reserved[16];
};

/*
@@ -123,6 +124,7 @@ struct ksmbd_shutdown_request {
struct ksmbd_login_request {
	__u32	handle;
	__s8	account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */
	__u32	reserved[16];				/* Reserved room */
};

/*
@@ -136,6 +138,7 @@ struct ksmbd_login_response {
	__u16	status;
	__u16	hash_sz;			/* hash size */
	__s8	hash[KSMBD_REQ_MAX_HASH_SZ];	/* password hash */
	__u32	reserved[16];			/* Reserved room */
};

/*
@@ -144,6 +147,7 @@ struct ksmbd_login_response {
struct ksmbd_share_config_request {
	__u32	handle;
	__s8	share_name[KSMBD_REQ_MAX_SHARE_NAME]; /* share name */
	__u32	reserved[16];		/* Reserved room */
};

/*
@@ -158,6 +162,7 @@ struct ksmbd_share_config_response {
	__u16	force_directory_mode;
	__u16	force_uid;
	__u16	force_gid;
	__u32	reserved[128];		/* Reserved room */
	__u32	veto_list_sz;
	__s8	____payload[];
};
@@ -188,6 +193,7 @@ struct ksmbd_tree_connect_request {
	__s8	account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ];
	__s8	share[KSMBD_REQ_MAX_SHARE_NAME];
	__s8	peer_addr[64];
	__u32	reserved[16];		/* Reserved room */
};

/*
@@ -197,6 +203,7 @@ struct ksmbd_tree_connect_response {
	__u32	handle;
	__u16	status;
	__u16	connection_flags;
	__u32	reserved[16];		/* Reserved room */
};

/*
@@ -205,6 +212,7 @@ struct ksmbd_tree_connect_response {
struct ksmbd_tree_disconnect_request {
	__u64	session_id;	/* session id */
	__u64	connect_id;	/* tree connection id */
	__u32	reserved[16];	/* Reserved room */
};

/*
@@ -213,6 +221,7 @@ struct ksmbd_tree_disconnect_request {
struct ksmbd_logout_request {
	__s8	account[KSMBD_REQ_MAX_ACCOUNT_NAME_SZ]; /* user account name */
	__u32	account_flags;
	__u32	reserved[16];				/* Reserved room */
};

/*
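Review bot: The new `reserved[]` members carry no stated contract: the comment `/* Reserved room */` does not say that the sender must zero them or what the receiver does with non-zero values, and `ksmbd_shutdown_request` has no comment at all. If, as the struct names suggest, requests such as `ksmbd_login_request` and `ksmbd_tree_connect_request` are built by the kernel and handed to the user-space daemon, a message buffer that is not zero-filled would expose 64 bytes of stale kernel memory per message; the allocation path is outside this diff, so that needs confirming. I would write the comment as `/* Reserved for future fields; sender must zero, receiver ignores */` on each of them. Separately, in `ksmbd_startup_request` and `ksmbd_share_config_response` the 128-word array sits before `ifc_list_sz` / `veto_list_sz`, which moves those size fields and `____payload`. A kernel and daemon built from different headers would then read the list size from the wrong offset, and nothing shown here bumps a protocol version (e.g. `KSMBD_GENL_VERSION`) to reject such a pairing.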