Commit d782d6e1 authored by Namjae Jeon's avatar Namjae Jeon Committed by Steve French
Browse files

ksmbd: remove unsafe_memcpy use in session setup 



Kees pointed out to just use directly ->Buffer instead of pointing
->Buffer using offset not to use unsafe_memcpy().

Suggested-by: default avatarKees Cook <kees@kernel.org>
Signed-off-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent 8bb04fb2

fs/smb/server/smb2pdu.c

+3 −9
Original line number Diff line number Diff line
@@ -1335,8 +1335,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, 
		return rc;



	sz = le16_to_cpu(rsp->SecurityBufferOffset);

	chgblob =

		(struct challenge_message *)((char *)&rsp->hdr.ProtocolId + sz);

	chgblob = (struct challenge_message *)rsp->Buffer;

	memset(chgblob, 0, sizeof(struct challenge_message));



	if (!work->conn->use_spnego) {
@@ -1369,9 +1368,7 @@ static int ntlm_negotiate(struct ksmbd_work *work, 
		goto out;

	}



	sz = le16_to_cpu(rsp->SecurityBufferOffset);

	unsafe_memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len,

			/* alloc is larger than blob, see smb2_allocate_rsp_buf() */);

	memcpy(rsp->Buffer, spnego_blob, spnego_blob_len);

	rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len);



out:
@@ -1453,10 +1450,7 @@ static int ntlm_authenticate(struct ksmbd_work *work, 
		if (rc)

			return -ENOMEM;



		sz = le16_to_cpu(rsp->SecurityBufferOffset);

		unsafe_memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob,

				spnego_blob_len,

				/* alloc is larger than blob, see smb2_allocate_rsp_buf() */);

		memcpy(rsp->Buffer, spnego_blob, spnego_blob_len);

		rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len);

		kfree(spnego_blob);

	}