Commit 542027e1 authored by Namjae Jeon's avatar Namjae Jeon Committed by Steve French

ksmbd: add bounds check for durable handle context



Add missing bounds check for durable handle context.

Cc: stable@vger.kernel.org
Reported-by: Norbert Szetei <norbert@doyensec.com>
Tested-by: Norbert Szetei <norbert@doyensec.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
parent ae989ee1
+21 −0
@@ -2708,6 +2708,13 @@ static int parse_durable_handle_context(struct ksmbd_work *work,
				goto out;
			}

			if (le16_to_cpu(context->DataOffset) +
				le32_to_cpu(context->DataLength) <
			    sizeof(struct create_durable_reconn_v2_req)) {
				err = -EINVAL;
				goto out;
			}

			recon_v2 = (struct create_durable_reconn_v2_req *)context;
			persistent_id = recon_v2->Fid.PersistentFileId;
			dh_info->fp = ksmbd_lookup_durable_fd(persistent_id);
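Review bot: The check added before the `recon_v2` cast is a lower bound only, and both of its operands (`DataOffset`, `DataLength`) come from the request, so it shows that the client declared at least `sizeof(struct create_durable_reconn_v2_req)` bytes, not that those bytes were received. The cast is therefore safe only if the context lookup earlier in `parse_durable_handle_context` (outside this hunk) already verified offset plus length against the remaining create-context buffer; if so, that dependency deserves a comment such as `/* context extent was validated against the request buffer by the lookup above; this only enforces the minimum size for the cast */`. The sum is also evaluated in 32-bit unsigned arithmetic and can wrap for a large `DataLength`, so widening one operand, `(u64)le16_to_cpu(context->DataOffset) + le32_to_cpu(context->DataLength)`, keeps the comparison exact. The same points apply to the two later hunks for `create_durable_reconn_req` and `create_durable_req_v2`, and a small static helper taking the context and the required size would keep the three checks in step.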
@@ -2741,6 +2748,13 @@ static int parse_durable_handle_context(struct ksmbd_work *work,
				goto out;
			}

			if (le16_to_cpu(context->DataOffset) +
				le32_to_cpu(context->DataLength) <
			    sizeof(struct create_durable_reconn_req)) {
				err = -EINVAL;
				goto out;
			}

			recon = (struct create_durable_reconn_req *)context;
			persistent_id = recon->Data.Fid.PersistentFileId;
			dh_info->fp = ksmbd_lookup_durable_fd(persistent_id);
@@ -2766,6 +2780,13 @@ static int parse_durable_handle_context(struct ksmbd_work *work,
				goto out;
			}

			if (le16_to_cpu(context->DataOffset) +
				le32_to_cpu(context->DataLength) <
			    sizeof(struct create_durable_req_v2)) {
				err = -EINVAL;
				goto out;
			}

			durable_v2_blob =
				(struct create_durable_req_v2 *)context;
			ksmbd_debug(SMB, "Request for durable v2 open\n");