ksmbd: Fix wrong return value and message length check in smb2_ioctl()
mainline inclusion from mainline-6.1-rc1 commit b1763d26 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA Reference: https://git.kernel.org/torvalds/linux/c/b1763d265af6 ------------------------------- Commit c7803b05 ("smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common") use the defination of 'struct validate_negotiate_info_req' in smbfs_common, the array length of 'Dialects' changed from 1 to 4, but the protocol does not require the client to send all 4. This lead the request which satisfied with protocol and server to fail. So just ensure the request payload has the 'DialectCount' in smb2_ioctl(), then fsctl_validate_negotiate_info() will use it to validate the payload length and each dialect. Also when the {in, out}_buf_len is less than the required, should goto out to initialize the status in the response header. Fixes: f7db8fd0 ("ksmbd: add validation in smb2_ioctl") Cc: stable@vger.kernel.org Signed-off-by:Zhang Xiaoxu <zhangxiaoxu5@huawei.com> Acked-by:
Loading
Please sign in to comment