This is a note to let you know that I've just added the patch titled
ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ksmbd-use-struct_size-helper-in-ksmbd_negotiate_smb_.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 9de1541d1c548ff46e8285362f587e02c4afc3ea
Author: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
Date: Sun Dec 31 16:12:49 2023 +0900
ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()
[ Upstream commit 5211cc8727ed9701b04976ab47602955e5641bda ]
Prefer struct_size() over open-coded versions.
Link: https://github.com/KSPP/linux/issues/160
Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
Acked-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
Reviewed-by: Sergey Senozhatsky <senozhatsky@xxxxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c
index 62c33d3357fe1..b6f414a2404b1 100644
--- a/fs/smb/server/smb_common.c
+++ b/fs/smb/server/smb_common.c
@@ -266,7 +266,7 @@ static int ksmbd_negotiate_smb_dialect(void *buf)
if (smb2_neg_size > smb_buf_length)
goto err_out;
- if (smb2_neg_size + le16_to_cpu(req->DialectCount) * sizeof(__le16) >
+ if (struct_size(req, Dialects, le16_to_cpu(req->DialectCount)) >
smb_buf_length)
goto err_out;
