!1605 CVE-2023-38430 (a1c988d0) · Commits · EulixOS / Software / Kernel

fs/ksmbd/connection.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -329,8 +329,6 @@ int ksmbd_conn_handler_loop(void *p)
		continue;

		memcpy(conn->request_buf, hdr_buf, sizeof(hdr_buf));
		if (!ksmbd_smb_request(conn))
		break;

		/*
		* We already read 4 bytes to find out PDU size, now
		@@ -348,6 +346,9 @@ int ksmbd_conn_handler_loop(void *p)
		continue;
		}

		if (!ksmbd_smb_request(conn))
		break;

		if (!default_conn_ops.process_fn) {
		pr_err("No connection request callback\n");
		break;

+1 −0

Original line number	Diff line number	Diff line
		@@ -109,6 +109,7 @@

		#define SMB2_PROTO_NUMBER cpu_to_le32(0x424d53fe) /* 'B''M''S' */
		#define SMB2_TRANSFORM_PROTO_NUM cpu_to_le32(0x424d53fd)
		#define SMB2_COMPRESSION_TRANSFORM_ID cpu_to_le32(0x424d53fc)

		#define SMB21_DEFAULT_IOSIZE (1024 * 1024)
		#define SMB3_DEFAULT_IOSIZE (4 * 1024 * 1024)

+13 −1

Original line number	Diff line number	Diff line
		@@ -156,7 +156,19 @@ int ksmbd_verify_smb_message(struct ksmbd_work *work)
		*/
		bool ksmbd_smb_request(struct ksmbd_conn *conn)
		{
		return conn->request_buf[0] == 0;
		__le32 proto = (__le32 )smb2_get_msg(conn->request_buf);

		if (*proto == SMB2_COMPRESSION_TRANSFORM_ID) {
		pr_err_ratelimited("smb2 compression not support yet");
		return false;
		}

		if (*proto != SMB1_PROTO_NUMBER &&
		*proto != SMB2_PROTO_NUMBER &&
		*proto != SMB2_TRANSFORM_PROTO_NUM)
		return false;

		return true;
		}

		static bool supported_protocol(int idx)