git.ipfire.org Git - thirdparty/kernel/stable.git/commit
ksmbd: Fix wrong return value and message length check in smb2_ioctl()
author Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Mon, 26 Sep 2022 03:36:30 +0000 (11:36 +0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 24 Oct 2022 07:56:52 +0000 (09:56 +0200)
commit 1c1225288bde032283dd1b5f0c43cea2216ab1af
tree daf7121237432f26e3873aa8752d66a8f25a2034
parent 230a44aaf9a082c8cc0bdf42e7690b6d8365d4af
ksmbd: Fix wrong return value and message length check in smb2_ioctl()

commit b1763d265af62800ec96eeb79803c4c537dcef3a upstream.

Commit c7803b05f74b ("smb3: fix ksmbd bigendian bug in oplock
break, and move its struct to smbfs_common") uses the definition
of 'struct validate_negotiate_info_req' in smbfs_common, the
array length of 'Dialects' changed from 1 to 4, but the protocol
does not require the client to send all 4. This leads the request
which satisfies the protocol and server to fail.

So just ensure the request payload has the 'DialectCount' in
smb2_ioctl(), then fsctl_validate_negotiate_info() will use it
to validate the payload length and each dialect.

Also, when the {in, out}_buf_len is less than required, it should
goto out to initialize the status in the response header.

Fixes: f7db8fd03a4b ("ksmbd: add validation in smb2_ioctl")
Cc: stable@vger.kernel.org
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ksmbd/smb2pdu.c
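
The length check the commit message describes, as an added userspace example (not the kernel's code): the old check demands room for all four 'Dialects' entries, the new one requires only that 'DialectCount' is present and then sizes the array from it. The struct is a model of the request with no kernel types; check_len_old, check_len_new and run_case are hypothetical names, and the payloads are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model of the request; field names follow MS-SMB2 and the commit text. */
struct validate_negotiate_info_req {
    uint32_t Capabilities;
    uint8_t  Guid[16];
    uint16_t SecurityMode;
    uint16_t DialectCount;
    uint16_t Dialects[4];            /* a client may send fewer than 4 */
};
#define FIXED_LEN offsetof(struct validate_negotiate_info_req, Dialects)
#define COUNT_OFF offsetof(struct validate_negotiate_info_req, DialectCount)

/* Check as described for the pre-fix code: demands room for all 4 dialects. */
static int check_len_old(const uint8_t *buf, size_t len)
{
    (void)buf;
    return len < sizeof(struct validate_negotiate_info_req) ? -EINVAL : 0;
}

/* Check as described for the fix: need DialectCount, then size the array by it. */
static int check_len_new(const uint8_t *buf, size_t len)
{
    uint16_t count;
    if (len < FIXED_LEN)
        return -EINVAL;              /* DialectCount is not in the payload */
    count = (uint16_t)(buf[COUNT_OFF] | (buf[COUNT_OFF + 1] << 8)); /* LE on wire */
    if (len < FIXED_LEN + (size_t)count * sizeof(uint16_t))
        return -EINVAL;              /* claims more dialects than were sent */
    return 0;
}

/* Constructed sample: zeroed payload of `len` bytes with DialectCount = count. */
static int run_case(int use_new, uint16_t count, size_t len)
{
    uint8_t buf[64] = {0};

    buf[COUNT_OFF] = (uint8_t)(count & 0xff);
    buf[COUNT_OFF + 1] = (uint8_t)(count >> 8);
    return use_new ? check_len_new(buf, len) : check_len_old(buf, len);
}

int main(void)
{
    /* One dialect sent (24 + 2 bytes): old check rejects, new check accepts. */
    return (run_case(0, 1, 26) == -EINVAL && run_case(1, 1, 26) == 0) ? 0 : 1;
}
```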