On Sat, Sep 21, 2019 at 08:23:32PM +0200, Aurélien Aptel wrote:
> "Murphy Zhou" <jencce.kernel@xxxxxxxxx> writes:
> > It should not be larger than the slab max buf size. If user
> > specifies a larger size, it passes this check and goes
> > straight to SMB2_set_info_init performing an insecure memcpy.
>
> It's even smaller than that as CIFSMaxBufSize is the max size for the
> whole packet IIRC. The EA payload needs to fit into that. So it should
> be CIFSMaxBufSize-(largest SMB2 header size + Set EA initial header).

No need. Slab size includes the bufsize and the header size.

> And if we set multiple EA at the same time it has to be divided
> by the number of EAs etc...

They will be handled separately and slab will work well.

>
> Cheers,
> --
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
> SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
> GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)