Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-01 16:41:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA

Browse Source 
FileOffset should not be greater than BeyondFinalZero in FSCTL_ZERO_DATA.
And don't call ksmbd_vfs_zero_data() if length is zero.

Cc: stable@vger.kernel.org
Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
This commit is contained in:
Namjae Jeon 2022-06-19 22:37:17 +09:00 committed by Steve French
parent 18e39fb960
commit b5e5f9dfc9
1 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
fs/ksmbd/smb2pdu.c
View File

@ -7700,7 +7700,7 @@ int smb2_ioctl(struct ksmbd_work *work)
{ {
struct file_zero_data_information *zero_data; struct file_zero_data_information *zero_data;
struct ksmbd_file *fp; struct ksmbd_file *fp;
loff_t off, len; loff_t off, len, bfz;
if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
ksmbd_debug(SMB, ksmbd_debug(SMB,
@ -7717,19 +7717,26 @@ int smb2_ioctl(struct ksmbd_work *work)
zero_data = zero_data =
(struct file_zero_data_information *)&req->Buffer[0]; (struct file_zero_data_information *)&req->Buffer[0];
fp = ksmbd_lookup_fd_fast(work, id); off = le64_to_cpu(zero_data->FileOffset);
if (!fp) { bfz = le64_to_cpu(zero_data->BeyondFinalZero);
ret = -ENOENT; if (off > bfz) {
ret = -EINVAL;
goto out; goto out;
} }
off = le64_to_cpu(zero_data->FileOffset); len = bfz - off;
len = le64_to_cpu(zero_data->BeyondFinalZero) - off; if (len) {
fp = ksmbd_lookup_fd_fast(work, id);
if (!fp) {
ret = -ENOENT;
goto out;
}
ret = ksmbd_vfs_zero_data(work, fp, off, len); ret = ksmbd_vfs_zero_data(work, fp, off, len);
ksmbd_fd_put(work, fp); ksmbd_fd_put(work, fp);
if (ret < 0) if (ret < 0)
goto out; goto out;
}
break; break;
} }
case FSCTL_QUERY_ALLOCATED_RANGES: case FSCTL_QUERY_ALLOCATED_RANGES: