From: Christophe JAILLET christophe.jaillet@wanadoo.fr
All the error handling paths of 'smb2_sess_setup()' end to 'out_err'.
All but the new error handling path added by the commit given in the Fixes tag below.
Fix this error handling path and branch to 'out_err' as well.
Fixes: 0d994cd482ee ("ksmbd: add buffer validation in session setup")
Cc: stable@vger.kernel.org # v5.15
Acked-by: Namjae Jeon linkinjeon@kernel.org
Signed-off-by: Christophe JAILLET christophe.jaillet@wanadoo.fr
Signed-off-by: Steve French stfrench@microsoft.com
---
v2:
 - add missing Steve's signoff tag.
 fs/ksmbd/smb2pdu.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 589694af4e95..9ae1d19ebc38 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1700,8 +1700,10 @@ int smb2_sess_setup(struct ksmbd_work *work) negblob_off = le16_to_cpu(req->SecurityBufferOffset); negblob_len = le16_to_cpu(req->SecurityBufferLength); if (negblob_off < (offsetof(struct smb2_sess_setup_req, Buffer) - 4) || - negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) - return -EINVAL; + negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) { + rc = -EINVAL; + goto out_err; + }
negblob = (struct negotiate_message *)((char *)&req->hdr.ProtocolId + negblob_off);
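Review bot: at the replaced `return -EINVAL;` under the `negblob_off`/`negblob_len` check, the changelog says only that this path must also reach `out_err`, not what the early return skipped there, so the impact on 5.15 users cannot be judged from the patch; please add a sentence stating what `out_err` does on failure (response status, cleanup, or both). Separately, the condition shown tests only lower bounds on `negblob_off` and `negblob_len` before `negblob` is formed from `&req->hdr.ProtocolId + negblob_off`; no upper bound against the received request length is visible in this hunk, so confirm that check exists elsewhere in the function or in earlier message validation.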
On Sun, Nov 28, 2021 at 10:04:03PM +0900, Namjae Jeon wrote:
> From: Christophe JAILLET christophe.jaillet@wanadoo.fr
> All the error handling paths of 'smb2_sess_setup()' end to 'out_err'.
> All but the new error handling path added by the commit given in the Fixes tag below.
> Fix this error handling path and branch to 'out_err' as well.
> Fixes: 0d994cd482ee ("ksmbd: add buffer validation in session setup")
> Cc: stable@vger.kernel.org # v5.15
> Acked-by: Namjae Jeon linkinjeon@kernel.org
> Signed-off-by: Christophe JAILLET christophe.jaillet@wanadoo.fr
> Signed-off-by: Steve French stfrench@microsoft.com
> v2:
>  - add missing Steve's signoff tag.
What is the git id of this in Linus's tree?
And why no signed-off-by: from you? Please add that when doing backports and you have to change things.
thanks,
greg k-h
2021-11-29 21:12 GMT+09:00, Greg KH gregkh@linuxfoundation.org:
> On Sun, Nov 28, 2021 at 10:04:03PM +0900, Namjae Jeon wrote:
>> From: Christophe JAILLET christophe.jaillet@wanadoo.fr
>> All the error handling paths of 'smb2_sess_setup()' end to 'out_err'.
>> All but the new error handling path added by the commit given in the Fixes tag below.
>> Fix this error handling path and branch to 'out_err' as well.
>> Fixes: 0d994cd482ee ("ksmbd: add buffer validation in session setup")
>> Cc: stable@vger.kernel.org # v5.15
>> Acked-by: Namjae Jeon linkinjeon@kernel.org
>> Signed-off-by: Christophe JAILLET christophe.jaillet@wanadoo.fr
>> Signed-off-by: Steve French stfrench@microsoft.com
>> v2:
>>  - add missing Steve's signoff tag.
Hi Greg,
> What is the git id of this in Linus's tree?
Sorry for that, my mistake. This patch in Linus's tree doesn't apply to linux-5.15. I found out later that I hadn't copied while re-creating it.
> And why no signed-off-by: from you? Please add that when doing backports and you have to change things.
Ah, I didn't know I should add my signoff-by, and I will do that next time :)
Thanks for your mail!
> thanks,
> greg k-h
linux-stable-mirror@lists.linaro.org