Commit bfbf2651 authored Aug 20, 2024 by Namjae Jeon Committed by Greg Kroah-Hartman Aug 29, 2024

ksmbd: the buffer of smb2 query dir response has at least 1 byte



commit ce61b605a00502c59311d0a4b1f58d62b48272d0 upstream.

When STATUS_NO_MORE_FILES status is set to smb2 query dir response,
->StructureSize is set to 9, which mean buffer has 1 byte.
This issue occurs because ->Buffer[1] in smb2_query_directory_rsp to
flex-array.

Fixes: eb3e28c1 ("smb3: Replace smb2pdu 1-element arrays with flex-arrays")
Cc: stable@vger.kernel.org # v6.1+
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 75abfcf6

Hide whitespace changes

Inline Side-by-side

Please register or to comment