2022-09-26 12:36 GMT+09:00, Zhang Xiaoxu <zhangxiaoxu5@xxxxxxxxxx>:
> Commit c7803b05f74b ("smb3: fix ksmbd bigendian bug in oplock
> break, and move its struct to smbfs_common") uses the definition
> of 'struct validate_negotiate_info_req' in smbfs_common, the
> array length of 'Dialects' changed from 1 to 4, but the protocol
> does not require the client to send all 4. This leads the request
> which satisfies the protocol and server to fail.
>
> So just ensure the request payload has the 'DialectCount' in
> smb2_ioctl(), then fsctl_validate_negotiate_info() will use it
> to validate the payload length and each dialect.
>
> Also when the {in, out}_buf_len is less than the required, should
> goto out to initialize the status in the response header.
>
> Fixes: f7db8fd03a4b ("ksmbd: add validation in smb2_ioctl")
> Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@xxxxxxxxxx>

Acked-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>

Thanks!
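
The two-stage length check described in the commit message, as an added user-space example that is not part of the original mail or the ksmbd source. The field layout is assumed from the MS-SMB2 VALIDATE_NEGOTIATE_INFO request, and `check_strict`, `check_by_count` and `build_req` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed wire layout; Dialects has 4 entries as the page states. */
struct vneg_req {
    uint32_t Capabilities;
    uint8_t  Guid[16];
    uint16_t SecurityMode;
    uint16_t DialectCount;
    uint16_t Dialects[4];
} __attribute__((packed));

#define FIXED_LEN offsetof(struct vneg_req, Dialects)  /* 24 bytes, ends with DialectCount */

/* Hypothetical over-strict check: rejects valid requests carrying fewer than 4 dialects. */
static int check_strict(size_t len)
{
    return len >= sizeof(struct vneg_req) ? 0 : -1;
}

/* Two-stage check: DialectCount must be present, then it bounds the rest. */
static int check_by_count(const uint8_t *buf, size_t len)
{
    uint16_t count;
    if (len < FIXED_LEN)
        return -1;                       /* cannot even read DialectCount */
    count = (uint16_t)(buf[FIXED_LEN - 2] | (buf[FIXED_LEN - 1] << 8)); /* little-endian */
    if (len < FIXED_LEN + (size_t)count * sizeof(uint16_t))
        return -1;                       /* claims more dialects than were sent */
    return 0;
}

/* Constructed sample: request that claims `claimed` dialects but carries `sent`. */
static size_t build_req(uint8_t *out, uint16_t claimed, uint16_t sent)
{
    size_t len = FIXED_LEN + (size_t)sent * sizeof(uint16_t);
    memset(out, 0, len);
    out[FIXED_LEN - 2] = (uint8_t)(claimed & 0xff);
    out[FIXED_LEN - 1] = (uint8_t)(claimed >> 8);
    return len;
}

int main(void)
{
    uint8_t buf[64];
    size_t len = build_req(buf, 1, 1);   /* one dialect: valid per the protocol */
    printf("strict=%d by_count=%d\n", check_strict(len), check_by_count(buf, len));
}
```

A request with one dialect is refused by the strict check and accepted by the count-based one, while a request whose `DialectCount` exceeds the dialects actually sent is still rejected.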