android/android_kernel_samsung_sm8650
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
447f325497
android_kernel_samsung_sm8650/fs/ksmbd
History
Namjae Jeon e01fc7caac ksmbd: validate smb request protocol id 
[ Upstream commit 1c1bcf2d3ea061613119b534f57507c377df20f9 ]

This patch add the validation for smb request protocol id.
If it is not one of the four ids(SMB1_PROTO_NUMBER, SMB2_PROTO_NUMBER,
SMB2_TRANSFORM_PROTO_NUM, SMB2_COMPRESSION_TRANSFORM_ID), don't allow
processing the request. And this will fix the following KASAN warning
also.

[   13.905265] BUG: KASAN: slab-out-of-bounds in init_smb2_rsp_hdr+0x1b9/0x1f0
[   13.905900] Read of size 16 at addr ffff888005fd2f34 by task kworker/0:2/44
...
[   13.908553] Call Trace:
[   13.908793]  <TASK>
[   13.908995]  dump_stack_lvl+0x33/0x50
[   13.909369]  print_report+0xcc/0x620
[   13.910870]  kasan_report+0xae/0xe0
[   13.911519]  kasan_check_range+0x35/0x1b0
[   13.911796]  init_smb2_rsp_hdr+0x1b9/0x1f0
[   13.912492]  handle_ksmbd_work+0xe5/0x820

Cc: stable@vger.kernel.org
Reported-by: Chih-Yen Chang <cc85nod@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-06-21 16:00:51 +02:00
..
mgmt ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 11:53:57 +02:00
asn1.c ksmbd: use oid registry functions to decode OIDs 2021-12-28 22:47:22 -06:00
asn1.h
auth.c ksmbd: fix deadlock in ksmbd_find_crypto_ctx() 2023-05-11 23:03:04 +09:00
auth.h ksmbd: fix encryption failure issue for session logoff response 2022-10-05 01:15:44 -05:00
connection.c ksmbd: validate smb request protocol id 2023-06-21 16:00:51 +02:00
connection.h ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 11:53:57 +02:00
crypto_ctx.c ksmbd: remove NTLMv1 authentication 2021-09-29 16:17:34 -05:00
crypto_ctx.h ksmbd: remove NTLMv1 authentication 2021-09-29 16:17:34 -05:00
glob.h ksmbd: fix version mismatch with out of tree 2021-10-07 10:18:34 -05:00
Kconfig ksmbd: remove md4 leftovers 2021-11-11 19:22:58 -06:00
ksmbd_netlink.h ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
ksmbd_spnego_negtokeninit.asn1
ksmbd_spnego_negtokentarg.asn1
ksmbd_work.c ksmbd: Remove redundant 'flush_workqueue()' calls 2021-11-06 23:52:06 -05:00
ksmbd_work.h ksmbd: remove smb2_buf_length in smb2_hdr 2021-11-11 19:22:58 -06:00
Makefile
misc.c ksmbd: validate share name from share config response 2022-10-05 01:15:44 -05:00
misc.h ksmbd: validate share name from share config response 2022-10-05 01:15:44 -05:00
ndr.c ksmbd: downgrade ndr version error message to debug 2023-02-01 08:34:38 +01:00
ndr.h ksmbd: add user namespace support 2021-07-02 16:27:10 +09:00
nterr.h
ntlmssp.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00
oplock.c ksmbd: fix out-of-bound read in parse_lease_state() 2023-06-14 11:15:33 +02:00
oplock.h ksmbd: fix global-out-of-bounds in smb2_find_context_vals 2023-05-24 17:32:50 +01:00
server.c ksmbd: fix racy issue from session setup and logoff 2023-05-17 11:53:56 +02:00
server.h ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
smb2misc.c ksmbd: smb2: Allow messages padded to 8byte boundary 2023-05-24 17:32:50 +01:00
smb2ops.c ksmbd: add support for smb2 max credit parameter 2022-01-10 12:44:19 -06:00
smb2pdu.c ksmbd: fix out-of-bound read in deassemble_neg_contexts() 2023-06-14 11:15:33 +02:00
smb2pdu.h ksmbd: destroy expired sessions 2023-05-17 11:53:56 +02:00
smb_common.c ksmbd: validate smb request protocol id 2023-06-21 16:00:51 +02:00
smb_common.h ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr 2023-04-13 16:55:29 +02:00
smbacl.c ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
smbacl.h ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
smbfsctl.h
smbstatus.h
transport_ipc.c ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
transport_ipc.h ksmbd: throttle session setup failures to avoid dictionary attacks 2021-10-20 00:07:10 -05:00
transport_rdma.c ksmbd: don't terminate inactive sessions after a few seconds 2023-03-30 12:49:26 +02:00
transport_rdma.h ksmbd: fix wrong smbd max read/write size check 2022-05-21 15:01:43 -05:00
transport_tcp.c ksmbd: fix racy issue from session setup and logoff 2023-05-17 11:53:56 +02:00
transport_tcp.h
unicode.c
unicode.h ksmbd: casefold utf-8 share names and fix ascii lowercase conversion 2022-10-05 01:15:37 -05:00
uniupr.h
vfs_cache.c ksmbd: fix possible memory leak in smb2_lock() 2023-03-10 09:34:07 +01:00
vfs_cache.h ksmbd: remove filename in ksmbd_file 2022-04-14 20:56:13 -05:00
vfs.c vfs: fix copy_file_range() averts filesystem freeze protection 2022-11-25 00:52:28 -05:00
vfs.h ksmbd: make utf-8 file name comparison work in __caseless_lookup() 2022-10-05 01:15:44 -05:00
xattr.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00