Merged into cifsd-for-next (smbd-for-next) after fixing typo in title.
The other three look promising but want to look in more detail at
those unless others have review feedback on those - those patches
include some potentially very important checks.
On Sat, Sep 18, 2021 at 4:45 AM Namjae Jeon <linkinjeon@xxxxxxxxxx> wrote:
>
> Add validation to check whether req->InputBufferLength is smaller than
> smb2_ea_info_req structure size.
>
> Cc: Ronnie Sahlberg <ronniesahlberg@xxxxxxxxx>
> Cc: Ralph Böhme <slow@xxxxxxxxx>
> Cc: Steve French <smfrench@xxxxxxxxx>
> Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
> ---
> fs/ksmbd/smb2pdu.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
> index e589e8cc389f..e92af212583e 100644
> --- a/fs/ksmbd/smb2pdu.c
> +++ b/fs/ksmbd/smb2pdu.c
> @@ -4059,6 +4059,10 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp,
> path = &fp->filp->f_path;
> /* single EA entry is requested with given user.* name */
> if (req->InputBufferLength) {
> + if (le32_to_cpu(req->InputBufferLength) <
> + sizeof(struct smb2_ea_info_req))
> + return -EINVAL;
> +
> ea_req = (struct smb2_ea_info_req *)req->Buffer;
> } else {
> /* need to send all EAs, if no specific EA is requested*/
> --
> 2.25.1
>
--
Thanks,
Steve
