Hi Ralph,
2021년 10월 1일 (금) 오후 9:25, Ralph Boehme <slow@xxxxxxxxx>님이 작성:
>
> Note: we already have the same check in is_chained_smb2_message(), but there it
> only applies to compound requests, so we have to repeat the check here to cover
> both cases.
>
> Cc: Namjae Jeon <linkinjeon@xxxxxxxxxx>
> Cc: Tom Talpey <tom@xxxxxxxxxx>
> Cc: Ronnie Sahlberg <ronniesahlberg@xxxxxxxxx>
> Cc: Steve French <smfrench@xxxxxxxxx>
> Cc: Hyunchul Lee <hyc.lee@xxxxxxxxx>
> Signed-off-by: Ralph Boehme <slow@xxxxxxxxx>
> ---
> fs/ksmbd/smb2misc.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c
> index 7ed266eb6c5e..541b39b7a84b 100644
> --- a/fs/ksmbd/smb2misc.c
> +++ b/fs/ksmbd/smb2misc.c
> @@ -338,6 +338,9 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work)
> if (check_smb2_hdr(hdr))
> return 1;
>
> + if (len < sizeof(struct smb2_pdu) - 4)
> + return 1;
> +
Do we need this check before accessing any fields of smb2_hdr in
ksmbd_verify_smb_message()?
> if (hdr->StructureSize != SMB2_HEADER_STRUCTURE_SIZE) {
> ksmbd_debug(SMB, "Illegal structure size %u\n",
> le16_to_cpu(hdr->StructureSize));
> --
> 2.31.1
>
--
Thanks,
Hyunchul
