Re: [PATCH v8 1/3] cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message

merged into cifs-2.6.git for-next  (waiting on additional
review/testing of patch 3 in the series before merging that)

On Sun, Sep 25, 2022 at 9:35 PM Zhang Xiaoxu <zhangxiaoxu5@xxxxxxxxxx> wrote:
>
> Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list")
> extended the dialects from 3 to 4, but forgot to decrease the extended
> length when specifying the dialect, so the message length is larger
> than expected.
>
> This may leak some info through the network because the message body is
> not initialized.
>
> After applying this patch, the VALIDATE_NEGOTIATE_INFO message length is
> reduced from 28 bytes to 26 bytes.
>
> Fixes: d5c7076b772a ("smb3: add smb3.1.1 to default dialect list")
> Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@xxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Reviewed-by: Tom Talpey <tom@xxxxxxxxxx>
> ---
>  fs/cifs/smb2pdu.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index 40da444c46b4..90ccac18f9f3 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -1169,9 +1169,9 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon)
>                 pneg_inbuf->Dialects[0] =
>                         cpu_to_le16(server->vals->protocol_id);
>                 pneg_inbuf->DialectCount = cpu_to_le16(1);
> -               /* structure is big enough for 3 dialects, sending only 1 */
> +               /* structure is big enough for 4 dialects, sending only 1 */
>                 inbuflen = sizeof(*pneg_inbuf) -
> -                               sizeof(pneg_inbuf->Dialects[0]) * 2;
> +                               sizeof(pneg_inbuf->Dialects[0]) * 3;
>         }
>
>         rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID,
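
Review bot: the literal `3` in the `inbuflen` calculation is the same hand-maintained constant that went stale when the dialect array grew from 3 to 4 entries, so the next addition to the dialect list would bring back the oversized request and its trailing bytes. Deriving the length from the array keeps the two in step, for example `inbuflen = sizeof(*pneg_inbuf) - sizeof(pneg_inbuf->Dialects[0]) * (ARRAY_SIZE(pneg_inbuf->Dialects) - 1);`, and the comment above it would then no longer need to name the capacity. The allocation of `pneg_inbuf` is outside this hunk, so it is worth confirming separately whether the buffer is zeroed, since the commit message attributes the leak to an uninitialized message body.
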
> --
> 2.31.1
>


-- 
Thanks,

Steve


