Unverified Commit f2b120f2 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!1480 ksmbd: fix wrong UserName check in session_user 

Merge Pull Request from: @ci-robot 
 
PR sync from: Li Lingfeng <lilingfeng3@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/Y2W37QUMGCXHZUAFBDA3UDH5CQW3KN2Z/ 
 
https://gitee.com/src-openeuler/kernel/issues/I7LU3D 
 
Link:https://gitee.com/openeuler/kernel/pulls/1480

 

Reviewed-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents 2844cc2e 2a2a280a

fs/ksmbd/smb2pdu.c

+2 −3
Original line number Diff line number Diff line
@@ -1383,7 +1383,7 @@ static struct ksmbd_user *session_user(struct ksmbd_conn *conn, 
	struct authenticate_message *authblob;

	struct ksmbd_user *user;

	char *name;

	unsigned int auth_msg_len, name_off, name_len, secbuf_len;

	unsigned int name_off, name_len, secbuf_len;



	secbuf_len = le16_to_cpu(req->SecurityBufferLength);

	if (secbuf_len < sizeof(struct authenticate_message)) {
@@ -1393,9 +1393,8 @@ static struct ksmbd_user *session_user(struct ksmbd_conn *conn, 
	authblob = user_authblob(conn, req);

	name_off = le32_to_cpu(authblob->UserName.BufferOffset);

	name_len = le16_to_cpu(authblob->UserName.Length);

	auth_msg_len = le16_to_cpu(req->SecurityBufferOffset) + secbuf_len;



	if (auth_msg_len < (u64)name_off + name_len)

	if (secbuf_len < (u64)name_off + name_len)

		return NULL;



	name = smb_strndup_from_utf16((const char *)authblob + name_off,