2023-05-17 18:59 GMT+09:00, HexRabbit <h3xrabbit@xxxxxxxxx>:
> Check request_buf length first to avoid out-of-bounds read by
> req->DialectCount.
>
> [ 3350.990282] BUG: KASAN: slab-out-of-bounds in
> smb2_handle_negotiate+0x35d7/0x3e60
> [ 3350.990282] Read of size 2 at addr ffff88810ad61346 by task
> kworker/5:0/276
> [ 3351.000406] Workqueue: ksmbd-io handle_ksmbd_work
> [ 3351.003499] Call Trace:
> [ 3351.006473] <TASK>
> [ 3351.006473] dump_stack_lvl+0x8d/0xe0
> [ 3351.006473] print_report+0xcc/0x620
> [ 3351.006473] kasan_report+0x92/0xc0
> [ 3351.006473] smb2_handle_negotiate+0x35d7/0x3e60
> [ 3351.014760] ksmbd_smb_negotiate_common+0x7a7/0xf00
> [ 3351.014760] handle_ksmbd_work+0x3f7/0x12d0
> [ 3351.014760] process_one_work+0xa85/0x1780
>
> Signed-off-by: HexRabbit <h3xrabbit@xxxxxxxxx>
Acked-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>

Sergey will say, "Do we still have a requirement that there should be a real
name in SoB?"

Thanks for your patch!
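
Added example, not part of this thread and not the ksmbd patch itself: a userspace sketch of the check the commit message describes, validating the received length before DialectCount is read and before the dialect array it describes is trusted. It assumes the buffer starts at the 64-byte SMB2 header (no transport length prefix) and uses the NEGOTIATE request layout from MS-SMB2; all function and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SMB2_HDR_LEN     64u                   /* fixed SMB2 header */
#define NEG_FIXED_LEN    36u                   /* fixed part of NEGOTIATE body */
#define DIALECTCOUNT_OFF (SMB2_HDR_LEN + 2u)   /* follows StructureSize */
#define DIALECTS_OFF     (SMB2_HDR_LEN + NEG_FIXED_LEN)

/* Little-endian u16 read with no alignment assumption. */
static uint16_t le16_at(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Hypothetical helper: dialect count if the request fits in buf[0..len),
 * -1 if any field would be read past the end of the received data. */
int negotiate_dialect_count(const uint8_t *buf, size_t len)
{
    uint16_t count;
    /* The fixed part must be present before DialectCount is touched. */
    if (len < DIALECTS_OFF)
        return -1;
    count = le16_at(buf + DIALECTCOUNT_OFF);
    /* The array the count claims (2 bytes per dialect) must fit as well;
     * a count of 0 is invalid per MS-SMB2. */
    if (count == 0 || (size_t)count * 2u > len - DIALECTS_OFF)
        return -1;
    return count;
}

/* Constructed sample: request claiming `claimed` dialects, `len` bytes received. */
int check_sample(uint16_t claimed, size_t len)
{
    uint8_t buf[DIALECTS_OFF + 8u] = {0};
    if (len > sizeof(buf))
        return -1;
    buf[DIALECTCOUNT_OFF] = (uint8_t)(claimed & 0xff);
    buf[DIALECTCOUNT_OFF + 1u] = (uint8_t)(claimed >> 8);
    return negotiate_dialect_count(buf, len);
}

int main(void)
{
    printf("full=%d short=%d overclaim=%d\n", check_sample(4, 108),
           check_sample(4, 66), check_sample(5, 108));
    return 0;
}
```

The 66-byte case is the shape of the KASAN report above: the data ends exactly where the 2-byte DialectCount field begins, so the helper refuses before the read.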