diff options
author | Namjae Jeon <linkinjeon@kernel.org> | 2021-09-24 03:17:30 +0300 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2021-10-06 08:23:00 +0300 |
commit | 363999901116ffa9a5462215fef25ea9c7f2823c (patch) | |
tree | 455be8212ffe20e9c6b7cac6de637e091feced15 /fs/ksmbd/connection.c | |
parent | 9e1ff307c779ce1f0f810c7ecce3d95bbae40896 (diff) | |
download | linux-363999901116ffa9a5462215fef25ea9c7f2823c.tar.xz |
ksmbd: add the check to vaildate if stream protocol length exceeds maximum value
This patch add MAX_STREAM_PROT_LEN macro and check if stream protocol
length exceeds maximum value. opencode pdu size check in
ksmbd_pdu_size_has_room().
Cc: Tom Talpey <tom@talpey.com>
Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Cc: Ralph Böhme <slow@samba.org>
Acked-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/ksmbd/connection.c')
-rw-r--r-- | fs/ksmbd/connection.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index af086d35398a..48b18b4ec117 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -296,10 +296,12 @@ int ksmbd_conn_handler_loop(void *p) pdu_size = get_rfc1002_len(hdr_buf); ksmbd_debug(CONN, "RFC1002 header %u bytes\n", pdu_size); - /* make sure we have enough to get to SMB header end */ - if (!ksmbd_pdu_size_has_room(pdu_size)) { - ksmbd_debug(CONN, "SMB request too short (%u bytes)\n", - pdu_size); + /* + * Check if pdu size is valid (min : smb header size, + * max : 0x00FFFFFF). + */ + if (pdu_size < __SMB2_HEADER_STRUCTURE_SIZE || + pdu_size > MAX_STREAM_PROT_LEN) { continue; } |