MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-07-05 13:25:20 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
v6.6/standard/intel-sdk-6.6/intel-socfpga
linux-yocto/fs/smb
History
Pali Rohár 848d78e362 cifs: Fix validation of SMB1 query reparse point response 
[ Upstream commit 56e84c64fc257a95728ee73165456b025c48d408 ]

Validate the SMB1 query reparse point response per [MS-CIFS] section
2.2.7.2 NT_TRANSACT_IOCTL.

NT_TRANSACT_IOCTL response contains one word long setup data after which is
ByteCount member. So check that SetupCount is 1 before trying to read and
use ByteCount member.

Output setup data contains ReturnedDataLen member which is the output
length of executed IOCTL command by remote system. So check that output was
not truncated before transferring over network.

Change MaxSetupCount of NT_TRANSACT_IOCTL request from 4 to 1 as io_rsp
structure already expects one word long output setup data. This should
prevent server sending incompatible structure (in case it would be extended
in future, which is unlikely).

Change MaxParameterCount of NT_TRANSACT_IOCTL request from 2 to 0 as
NT IOCTL does not have any documented output parameters and this function
does not parse any output parameters at all.

Fixes: ed3e0a149b ("smb: client: implement ->query_reparse_point() for SMB1")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:28:28 +02:00
..
client cifs: Fix validation of SMB1 query reparse point response 2025-06-19 15:28:28 +02:00
common smb: client: Store original IO parameters and prevent zero IO sizes 2025-06-04 14:41:54 +02:00
server ksmbd: use list_first_entry_or_null for opinfo_get_list() 2025-06-04 14:42:26 +02:00
Kconfig
Makefile