On Mon, Sep 20, 2021 at 5:46 PM Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > > On Sun, Sep 19, 2021 at 7:22 AM Steve French <smfrench@xxxxxxxxx> wrote: > > > > 3 ksmbd fixes: including an important security fix for path > > processing, and a missing buffer overflow check, and a trivial fix for > > incorrect header inclusion > > > > There are three additional patches (and also a patch to improve > > symlink checks) for other buffer overflow cases that are being > > reviewed and tested. > > Note that if you are working on a path basis, you should really take a > look at our vfs lookup_flags, and LOOKUP_BENEATH in particular. This was also something that Ralph brought up, and Namjae is looking at now. > The way to deal with '..' and symlinks is not to try to figure it out > yourself. You'll get it wrong, partly because the races with rename > are quite interesting. The VFS layer knows how to limit pathname > lookup to the particular directory you started in these days. > > Of course, that is only true for the actual path lookup functions. > Once you start doing things manually one component at a time yourself, > you're on your own. Agreed. Also FYI I removed the "ksmbd: Use LOOKUP_NO_SYMLINKS" changeset from for-next (I left the first two buffer validation changesets in, since those have been reviewed), since Namjae is working on an updated version following your suggestion (and others' review feedback). -- Thanks, Steve
