Re: [PATCH v5 16/20] ksmbd: check PDU len is at least header plus body size in ksmbd_smb2_check_message()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 02.10.21 um 07:55 schrieb Namjae Jeon:
2021-10-01 21:04 GMT+09:00, Ralph Boehme <slow@xxxxxxxxx>:
Note: we already have the same check in is_chained_smb2_message(), but there
it
only applies to compound requests, so we have to repeat the check here to
cover
both cases.

Cc: Namjae Jeon <linkinjeon@xxxxxxxxxx>
Cc: Tom Talpey <tom@xxxxxxxxxx>
Cc: Ronnie Sahlberg <ronniesahlberg@xxxxxxxxx>
Cc: Steve French <smfrench@xxxxxxxxx>
Cc: Hyunchul Lee <hyc.lee@xxxxxxxxx>
Signed-off-by: Ralph Boehme <slow@xxxxxxxxx>
---
  fs/ksmbd/smb2misc.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c
index 7ed266eb6c5e..541b39b7a84b 100644
--- a/fs/ksmbd/smb2misc.c
+++ b/fs/ksmbd/smb2misc.c
@@ -338,6 +338,9 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work)
  	if (check_smb2_hdr(hdr))
  		return 1;

+	if (len < sizeof(struct smb2_pdu) - 4)
+		return 1;
when only this patch is applied, how can you guarantee that session id
and tree id of smb2 header are vaild ?

what do you mean? This just checks the actual packet lenght is large enough to access the header and the body lenght field.

-slow

--
Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux