Skip to content

K
Kernel

openeuler / Kernel
1 年多 前同步成功

通知 8
Star 0
Fork 0
K
Kernel
提交 1ba301c1 编写于 作者: N Namjae Jeon 提交者: Zhong Jinghua
浏览文件
操作

ksmbd: validate compound response buffer 

mainline inclusion
from mainline-5.15-rc7
commit dbad6300
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G
CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/dbad63001eac

-------------------------------

Add the check to validate compound response buffer.
Signed-off-by: NNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: NSteve French <stfrench@microsoft.com>
Signed-off-by: NJason Yan <yanaijie@huawei.com>
Signed-off-by: NZhong Jinghua <zhongjinghua@huawei.com>
上级 096cfc1b
隐藏空白更改
内联 并排
Showing with 6 addition and 0 deletion
fs/ksmbd/smb2pdu.c
浏览文件 @ 1ba301c1
......@@ -449,6 +449,12 @@ bool is_chained_smb2_message(struct ksmbd_work *work)
return false;
}
if ((u64)get_rfc1002_len(work->response_buf) + MAX_CIFS_SMALL_BUFFER_SIZE >
work->response_sz) {
pr_err("next response offset exceeds response buffer size\n");
return false;
}
ksmbd_debug(SMB, "got SMB2 chained command\n");
init_chained_smb2_rsp(work);
return true;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册