ksmbd: fix out-of-bound read in smb2_write

mainline inclusion
from mainline-v6.4-rc6
commit 5fe7f7b7
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7ST5T
CVE: CVE-2023-3865

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.5-rc5&id=5fe7f7b78290638806211046a99f031ff26164e1



--------------------------------

ksmbd_smb2_check_message doesn't validate hdr->NextCommand. If
->NextCommand is bigger than Offset + Length of smb2 write, It will
allow oversized smb2 write length. It will cause OOB read in smb2_write.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21164
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

Conflict:
  fs/ksmbd/smb2misc.c
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>