leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ksmbd: set STATUS_INVALID_PARAMETER error status if credit charge is invalid

Browse Source 
MS-SMB2 specification describe :
 If the calculated credit number is greater than the CreditCharge,
 the server MUST fail the request with the error code
 STATUS_INVALID_PARAMETER.

Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
This commit is contained in:
Namjae Jeon 2021-07-16 14:52:46 +09:00
parent 58090b1752
commit 67307023d0
2 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
fs/ksmbd/server.c
View File

@ -101,8 +101,8 @@ static inline int check_conn_state(struct ksmbd_work *work)
return 0; return 0;
} }
#define TCP_HANDLER_CONTINUE 0 #define SERVER_HANDLER_CONTINUE 0
#define TCP_HANDLER_ABORT 1 #define SERVER_HANDLER_ABORT 1
static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn, static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
u16 *cmd) u16 *cmd)
@ -112,10 +112,10 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
int ret; int ret;
if (check_conn_state(work)) if (check_conn_state(work))
return TCP_HANDLER_CONTINUE; return SERVER_HANDLER_CONTINUE;
if (ksmbd_verify_smb_message(work)) if (ksmbd_verify_smb_message(work))
return TCP_HANDLER_ABORT; return SERVER_HANDLER_ABORT;
command = conn->ops->get_cmd_val(work); command = conn->ops->get_cmd_val(work);
*cmd = command; *cmd = command;
@ -123,21 +123,21 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
andx_again: andx_again:
if (command >= conn->max_cmds) { if (command >= conn->max_cmds) {
conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER); conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER);
return TCP_HANDLER_CONTINUE; return SERVER_HANDLER_CONTINUE;
} }
cmds = &conn->cmds[command]; cmds = &conn->cmds[command];
if (!cmds->proc) { if (!cmds->proc) {
ksmbd_debug(SMB, "*** not implemented yet cmd = %x\n", command); ksmbd_debug(SMB, "*** not implemented yet cmd = %x\n", command);
conn->ops->set_rsp_status(work, STATUS_NOT_IMPLEMENTED); conn->ops->set_rsp_status(work, STATUS_NOT_IMPLEMENTED);
return TCP_HANDLER_CONTINUE; return SERVER_HANDLER_CONTINUE;
} }
if (work->sess && conn->ops->is_sign_req(work, command)) { if (work->sess && conn->ops->is_sign_req(work, command)) {
ret = conn->ops->check_sign_req(work); ret = conn->ops->check_sign_req(work);
if (!ret) { if (!ret) {
conn->ops->set_rsp_status(work, STATUS_ACCESS_DENIED); conn->ops->set_rsp_status(work, STATUS_ACCESS_DENIED);
return TCP_HANDLER_CONTINUE; return SERVER_HANDLER_CONTINUE;
} }
} }
@ -153,8 +153,8 @@ andx_again:
} }
if (work->send_no_response) if (work->send_no_response)
return TCP_HANDLER_ABORT; return SERVER_HANDLER_ABORT;
return TCP_HANDLER_CONTINUE; return SERVER_HANDLER_CONTINUE;
} }
static void __handle_ksmbd_work(struct ksmbd_work *work, static void __handle_ksmbd_work(struct ksmbd_work *work,
@ -203,7 +203,7 @@ static void __handle_ksmbd_work(struct ksmbd_work *work,
do { do {
rc = __process_request(work, conn, &command); rc = __process_request(work, conn, &command);
if (rc == TCP_HANDLER_ABORT) if (rc == SERVER_HANDLER_ABORT)
break; break;
/* /*

9
fs/ksmbd/smb2misc.c
View File

@ -423,8 +423,13 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work)
return 1; return 1;
} }
return work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU ? if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) &&
smb2_validate_credit_charge(hdr) : 0; smb2_validate_credit_charge(hdr)) {
work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER);
return 1;
}
return 0;
} }
int smb2_negotiate_request(struct ksmbd_work *work) int smb2_negotiate_request(struct ksmbd_work *work)