git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Namjae Jeon <linkinjeon@kernel.org>
	Mon, 18 Dec 2023 15:34:17 +0000 (00:34 +0900)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 23 Dec 2023 09:41:57 +0000 (10:41 +0100)
commit	5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b
tree	0100f68ad9b190292cbf080afacbb63f46005068	tree
parent	017d85c94f02090a87f4a473dbe0d6ee0da72693	commit \| diff

ksmbd: fix out of bounds in init_smb2_rsp_hdr()

[ Upstream commit 536bb492d39bb6c080c92f31e8a55fe9934f452b ]

If client send smb2 negotiate request and then send smb1 negotiate
request, init_smb2_rsp_hdr is called for smb1 negotiate request since
need_neg is set to false. This patch ignore smb1 packets after ->need_neg
is set to false.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21541
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/ksmbd/server.c		diff \| blob \| blame \| history
fs/ksmbd/smb_common.c		diff \| blob \| blame \| history
fs/ksmbd/smb_common.h		diff \| blob \| blame \| history