| Message ID | 20211028231317.18522-1-linkinjeon@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | ksmbd: don't need 8byte alignment for request length in ksmbd_check_message | expand |
Acked-by: Hyunchul Lee <hyc.lee@gmail.com> 2021년 10월 29일 (금) 오전 8:13, Namjae Jeon <linkinjeon@kernel.org>님이 작성: > > When validating request length in ksmbd_check_message, 8byte alignment > is not needed for compound request. It can cause wrong validation > of request length. > > Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> > --- > fs/ksmbd/smb2misc.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c > index 2385622cc3c8..0239fa96926c 100644 > --- a/fs/ksmbd/smb2misc.c > +++ b/fs/ksmbd/smb2misc.c > @@ -353,12 +353,10 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) > __u32 clc_len; /* calculated length */ > __u32 len = get_rfc1002_len(pdu); > > - if (le32_to_cpu(hdr->NextCommand) > 0) { > + if (le32_to_cpu(hdr->NextCommand) > 0) > len = le32_to_cpu(hdr->NextCommand); > - } else if (work->next_smb2_rcv_hdr_off) { > + else if (work->next_smb2_rcv_hdr_off) > len -= work->next_smb2_rcv_hdr_off; > - len = round_up(len, 8); > - } > > if (check_smb2_hdr(hdr)) > return 1; > -- > 2.25.1 >
diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 2385622cc3c8..0239fa96926c 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -353,12 +353,10 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) __u32 clc_len; /* calculated length */ __u32 len = get_rfc1002_len(pdu); - if (le32_to_cpu(hdr->NextCommand) > 0) { + if (le32_to_cpu(hdr->NextCommand) > 0) len = le32_to_cpu(hdr->NextCommand); - } else if (work->next_smb2_rcv_hdr_off) { + else if (work->next_smb2_rcv_hdr_off) len -= work->next_smb2_rcv_hdr_off; - len = round_up(len, 8); - } if (check_smb2_hdr(hdr)) return 1;
When validating request length in ksmbd_check_message, 8byte alignment is not needed for compound request. It can cause wrong validation of request length. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> --- fs/ksmbd/smb2misc.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)