X-Patchwork-Submitter: Pavel Shilovskiy
X-Patchwork-Id: 9461505
From: Pavel Shilovsky
To: linux-cifs@vger.kernel.org
Subject: [PATCH v2 3/5] CIFS: Fix a possible memory corruption in push locks
Date: Mon, 5 Dec 2016 13:11:09 -0800
Message-Id: <1480972271-57692-4-git-send-email-pshilov@microsoft.com>
In-Reply-To: <1480972271-57692-1-git-send-email-pshilov@microsoft.com>

If maxBuf is not 0 but less than a size of SMB2 lock structure
we can end up with a memory corruption.

Cc: Stable
Signed-off-by: Pavel Shilovsky
Acked-by: Sachin Prabhu
---
 fs/cifs/smb2file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifs/smb2file.c b/fs/cifs/smb2file.c index f9e766f..b2aff0c 100644 --- a/fs/cifs/smb2file.c +++ b/fs/cifs/smb2file.c @@ -260,7 +260,7 @@ smb2_push_mandatory_locks(struct cifsFileInfo *cfile) * and check it for zero before using. */ max_buf = tlink_tcon(cfile->tlink)->ses->server->maxBuf; - if (!max_buf) { + if (max_buf < sizeof(struct smb2_lock_element)) { free_xid(xid); return -EINVAL; }
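
Review bot: The context comment directly above the changed test still reads "and check it for zero before using", which no longer describes the guard in smb2_push_mandatory_locks() now that it is "if (max_buf < sizeof(struct smb2_lock_element))"; please update the comment in this patch to say that maxBuf must be large enough to hold at least one lock element. The commit message would also be easier to assess for stable if it named what is derived from max_buf further down (the visible lines show only the guard, not the use that gets corrupted). One thing to confirm from the declaration, which is not in the hunk: if max_buf is a signed type, the comparison against sizeof() is carried out as unsigned, so making the variable unsigned would keep the intent of the check explicit.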