Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-23 20:51:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
b1763d265a
linux/fs/ksmbd
History
Zhang Xiaoxu b1763d265a ksmbd: Fix wrong return value and message length check in smb2_ioctl() 
Commit c7803b05f7 ("smb3: fix ksmbd bigendian bug in oplock
break, and move its struct to smbfs_common") use the defination
of 'struct validate_negotiate_info_req' in smbfs_common, the
array length of 'Dialects' changed from 1 to 4, but the protocol
does not require the client to send all 4. This lead the request
which satisfied with protocol and server to fail.

So just ensure the request payload has the 'DialectCount' in
smb2_ioctl(), then fsctl_validate_negotiate_info() will use it
to validate the payload length and each dialect.

Also when the {in, out}_buf_len is less than the required, should
goto out to initialize the status in the response header.

Fixes: f7db8fd03a ("ksmbd: add validation in smb2_ioctl")
Cc: stable@vger.kernel.org
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2022-10-05 01:15:44 -05:00
..
mgmt ksmbd: casefold utf-8 share names and fix ascii lowercase conversion 2022-10-05 01:15:37 -05:00
asn1.c ksmbd: use oid registry functions to decode OIDs 2021-12-28 22:47:22 -06:00
asn1.h
auth.c ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob 2022-10-05 01:15:44 -05:00
auth.h ksmbd: fix encryption failure issue for session logoff response 2022-10-05 01:15:44 -05:00
connection.c ksmbd: casefold utf-8 share names and fix ascii lowercase conversion 2022-10-05 01:15:37 -05:00
connection.h ksmbd: casefold utf-8 share names and fix ascii lowercase conversion 2022-10-05 01:15:37 -05:00
crypto_ctx.c ksmbd: remove NTLMv1 authentication 2021-09-29 16:17:34 -05:00
crypto_ctx.h ksmbd: remove NTLMv1 authentication 2021-09-29 16:17:34 -05:00
glob.h ksmbd: fix version mismatch with out of tree 2021-10-07 10:18:34 -05:00
Kconfig ksmbd: remove md4 leftovers 2021-11-11 19:22:58 -06:00
ksmbd_netlink.h ksmbd: request update to stale share config 2022-08-11 01:05:18 -05:00
ksmbd_spnego_negtokeninit.asn1
ksmbd_spnego_negtokentarg.asn1
ksmbd_work.c ksmbd: Remove redundant 'flush_workqueue()' calls 2021-11-06 23:52:06 -05:00
ksmbd_work.h ksmbd: remove smb2_buf_length in smb2_hdr 2021-11-11 19:22:58 -06:00
Makefile
misc.c ksmbd: casefold utf-8 share names and fix ascii lowercase conversion 2022-10-05 01:15:37 -05:00
misc.h ksmbd: casefold utf-8 share names and fix ascii lowercase conversion 2022-10-05 01:15:37 -05:00
ndr.c ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
ndr.h ksmbd: add user namespace support 2021-07-02 16:27:10 +09:00
nterr.h
ntlmssp.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00
oplock.c ksmbd: set file permission mode to match Samba server posix extension behavior 2022-10-05 01:15:44 -05:00
oplock.h ksmbd: remove filename in ksmbd_file 2022-04-14 20:56:13 -05:00
server.c ksmbd: fix endless loop when encryption for response fails 2022-10-05 01:15:44 -05:00
server.h ksmbd: change server config string index to enumeration 2021-06-30 14:44:01 +09:00
smb2misc.c ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT 2022-07-31 23:14:32 -05:00
smb2ops.c ksmbd: add support for smb2 max credit parameter 2022-01-10 12:44:19 -06:00
smb2pdu.c ksmbd: Fix wrong return value and message length check in smb2_ioctl() 2022-10-05 01:15:44 -05:00
smb2pdu.h ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob 2022-10-05 01:15:44 -05:00
smb_common.c ksmbd: fix outstanding credits related bugs 2022-05-21 15:01:43 -05:00
smb_common.h ksmbd: fix racy issue while destroying session on multichannel 2022-07-31 23:14:32 -05:00
smbacl.c ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
smbacl.h ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
smbfsctl.h
smbstatus.h
transport_ipc.c ksmbd: add smbd max io size parameter 2022-05-21 15:01:43 -05:00
transport_ipc.h ksmbd: throttle session setup failures to avoid dictionary attacks 2021-10-20 00:07:10 -05:00
transport_rdma.c ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is already used 2022-06-11 11:18:26 -05:00
transport_rdma.h ksmbd: fix wrong smbd max read/write size check 2022-05-21 15:01:43 -05:00
transport_tcp.c ksmbd: use SOCK_NONBLOCK type for kernel_accept() 2022-06-11 11:18:26 -05:00
transport_tcp.h
unicode.c
unicode.h ksmbd: casefold utf-8 share names and fix ascii lowercase conversion 2022-10-05 01:15:37 -05:00
uniupr.h
vfs_cache.c ksmbd: fix racy issue while destroying session on multichannel 2022-07-31 23:14:32 -05:00
vfs_cache.h ksmbd: remove filename in ksmbd_file 2022-04-14 20:56:13 -05:00
vfs.c ksmbd: constify struct path 2022-10-05 01:15:37 -05:00
vfs.h ksmbd: constify struct path 2022-10-05 01:15:37 -05:00
xattr.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00