diff mbox series

[v7,4/9] ksmbd: check buffer is big enough to access the SMB2 PUD body size field

Message ID 20211005050343.268514-5-slow@samba.org (mailing list archive)
State New, archived
Headers show
Series Buffer validation and compound handling patches | expand

Commit Message

Ralph Boehme Oct. 5, 2021, 5:03 a.m. UTC 
Cc: Namjae Jeon <linkinjeon@kernel.org>
Cc: Tom Talpey <tom@talpey.com>
Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Cc: Steve French <smfrench@gmail.com>
Cc: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Ralph Boehme <slow@samba.org>
---
 fs/ksmbd/smb2misc.c | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c
index 7ed266eb6c5e..50521b5a50b5 100644
--- a/fs/ksmbd/smb2misc.c
+++ b/fs/ksmbd/smb2misc.c
@@ -350,6 +350,9 @@  int ksmbd_smb2_check_message(struct ksmbd_work *work)
 		return 1;
 	}
 
+	if (len < sizeof(struct smb2_pdu) - 4)
+		return 1;
+
 	if (smb2_req_struct_sizes[command] != pdu->StructureSize2) {
 		if (command != SMB2_OPLOCK_BREAK_HE &&
 		    (hdr->Status == 0 || pdu->StructureSize2 != SMB2_ERROR_STRUCTURE_SIZE2_LE)) {