Regression tests with the three in linux-next passed ... http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com/#/builders/8/builds/67 On Sat, Sep 18, 2021 at 10:55 AM Steve French <smfrench@xxxxxxxxx> wrote: > > Merged into cifsd-for-next (smbd-for-next) after fixing typo in title. > The other three look promising but want to look in more detail at > those unless others have review feedback on those - those patches > include some potentially very important checks. > > On Sat, Sep 18, 2021 at 4:45 AM Namjae Jeon <linkinjeon@xxxxxxxxxx> wrote: > > > > Add validation to check whether req->InputBufferLength is smaller than > > smb2_ea_info_req structure size. > > > > Cc: Ronnie Sahlberg <ronniesahlberg@xxxxxxxxx> > > Cc: Ralph Böhme <slow@xxxxxxxxx> > > Cc: Steve French <smfrench@xxxxxxxxx> > > Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx> > > --- > > fs/ksmbd/smb2pdu.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c > > index e589e8cc389f..e92af212583e 100644 > > --- a/fs/ksmbd/smb2pdu.c > > +++ b/fs/ksmbd/smb2pdu.c > > @@ -4059,6 +4059,10 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp, > > path = &fp->filp->f_path; > > /* single EA entry is requested with given user.* name */ > > if (req->InputBufferLength) { > > + if (le32_to_cpu(req->InputBufferLength) < > > + sizeof(struct smb2_ea_info_req)) > > + return -EINVAL; > > + > > ea_req = (struct smb2_ea_info_req *)req->Buffer; > > } else { > > /* need to send all EAs, if no specific EA is requested*/ > > -- > > 2.25.1 > > > > > -- > Thanks, > > Steve -- Thanks, Steve
