Re: [PATCH] CIFS: fix max ea value size

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Sep 21, 2019 at 08:23:32PM +0200, Aurélien Aptel wrote:
> "Murphy Zhou" <jencce.kernel@xxxxxxxxx> writes:
> > It should not be larger then the slab max buf size. If user
> > specifies a larger size, it passes this check and goes
> > straightly to SMB2_set_info_init performing an insecure memcpy.
> 
> It's even smaller than that as CIFSMaxBufSize is the max size for the
> whole packet IIRC. The EA payload needs to fit into that. So it should
> be CIFSMaxBufSize-(largest SMB2 header size + Set EA initial header).

No need. Slab size includes the bufzise and the header size.

> And if we set multiple EA at the same time it has to be divided
> by the number of EAs etc...

They will be handled separately and slab will work well.

> 
> Cheers,
> -- 
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
> SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
> GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)



[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux