Commit 9f3ebbef authored by Linus Torvalds's avatar Linus Torvalds

Merge tag '6.6-rc3-ksmbd-server-fixes' of git://git.samba.org/ksmbd

Pull smb server fixes from Steve French:
 "Two SMB3 server fixes for null pointer dereferences:

   - invalid SMB3 request case (fixes issue found in testing the read
     compound patch)

   - iovec error case in response processing"

* tag '6.6-rc3-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
  ksmbd: check iov vector index in ksmbd_conn_write()
  ksmbd: return invalid parameter error response if smb2 request is invalid
parents 14c06b91 73f949ea
...@@ -197,6 +197,9 @@ int ksmbd_conn_write(struct ksmbd_work *work) ...@@ -197,6 +197,9 @@ int ksmbd_conn_write(struct ksmbd_work *work)
if (work->send_no_response) if (work->send_no_response)
return 0; return 0;
if (!work->iov_idx)
return -EINVAL;
ksmbd_conn_lock(conn); ksmbd_conn_lock(conn);
sent = conn->transport->ops->writev(conn->transport, work->iov, sent = conn->transport->ops->writev(conn->transport, work->iov,
work->iov_cnt, work->iov_cnt,
......
...@@ -115,8 +115,10 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn, ...@@ -115,8 +115,10 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
if (check_conn_state(work)) if (check_conn_state(work))
return SERVER_HANDLER_CONTINUE; return SERVER_HANDLER_CONTINUE;
if (ksmbd_verify_smb_message(work)) if (ksmbd_verify_smb_message(work)) {
conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER);
return SERVER_HANDLER_ABORT; return SERVER_HANDLER_ABORT;
}
command = conn->ops->get_cmd_val(work); command = conn->ops->get_cmd_val(work);
*cmd = command; *cmd = command;
......
...@@ -440,10 +440,8 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work) ...@@ -440,10 +440,8 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work)
validate_credit: validate_credit:
if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) && if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) &&
smb2_validate_credit_charge(work->conn, hdr)) { smb2_validate_credit_charge(work->conn, hdr))
work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER);
return 1; return 1;
}
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment