v2:
  - update comments of smb2_get_data_area_len().
  - fix wrong buffer size check in fsctl_query_iface_info_ioctl().
  - fix 32bit overflow in smb2_set_info.

v3:
  - add buffer check for ByteCount of smb negotiate request.
  - Moved buffer check of to the top of loop to avoid unneeded behavior when
    out_buf_len is smaller than network_interface_info_ioctl_rsp.
  - get correct out_buf_len which doesn't exceed max stream protocol length.
  - subtract single smb2_lock_element for correct buffer size check in
    ksmbd_smb2_check_message().

v4:
  - use work->response_sz for out_buf_len calculation in smb2_ioctl.
  - move smb2_neg size check to above to validate NegotiateContextOffset
    field.
  - remove unneeded dialect checks in smb2_sess_setup() and
    smb2_handle_negotiate().
  - split smb2_set_info patch into two patches (declaring
    smb2_file_basic_info and buffer check)

v5:
  - remove PDU size validation from ksmbd_conn_handler_loop()
  - add PDU size validation to ksmbd_smb2_check_message()
  - fix compound non-related request handling

v6:
  - check we can access ProtocolId in ksmbd_verify_smb_message()
  - optimize tcon and session check functions for compound related PDUs
  - drop patch that broke SMB1 negprot
  - check credits after fully validating PDU size

v7:
  - drop header size check in ksmbd_verify_smb_message()
  - fix invalid read when accessing StructureSize2 in
    ksmbd_smb2_check_message()
  - validate credit charge after validating SMB2 PDU body size

Ralph Boehme (9):
  ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message()
  ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message()
  ksmbd: add and use ksmbd_smb2_cur_pdu_buflen() in ksmbd_smb2_check_message()
  ksmbd: check buffer is big enough to access the SMB2 PUD body size field
  ksmdb: validate credit charge after validating SMB2 PDU body size
  ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()
  ksmdb: make smb2_get_ksmbd_tcon() callable with chained PDUs
  ksmbd: make smb2_check_user_session() callable for compound PDUs
  ksmdb: move session and tcon validation to __process_request()

 fs/ksmbd/ksmbd_work.h |  1 +
 fs/ksmbd/server.c     | 46 +++++++++++++++++++++-------------
 fs/ksmbd/smb2misc.c   | 58 +++++++++++++++++++++++++++----------------
 fs/ksmbd/smb2pdu.c    | 39 +++++++++++++++++++++++------
 fs/ksmbd/smb2pdu.h    |  1 +
 fs/ksmbd/smb_common.c |  2 +-
 6 files changed, 101 insertions(+), 46 deletions(-)

--
2.31.1