ksmbd: add validation for FILE_FULL_EA_INFORMATION of smb2_get_info

Add validation to check whether req->InputBufferLength is smaller than smb2_ea_info_req structure size. Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com> Cc: Ralph Böhme <slow@samba.org> Cc: Steve French <smfrench@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
author: Namjae Jeon <linkinjeon@kernel.org> 2021-09-18 18:45:12 +0900
committer: Steve French <stfrench@microsoft.com> 2021-09-18 10:51:38 -0500
commit: 6d56262c3d224699b29b9bb6b4ace8bab7d692c2 (patch)
tree: 754304672f5a85b512264d56051cfcce76d46b94 /fs/ksmbd
parent: f58eae6c5fa882d6d0a6b7587a099602a59d57b5 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 46e0275a77a8..6304c9bda479 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -4045,6 +4045,10 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp,
 	path = &fp->filp->f_path;
 	/* single EA entry is requested with given user.* name */
 	if (req->InputBufferLength) {
+		if (le32_to_cpu(req->InputBufferLength) <
+		    sizeof(struct smb2_ea_info_req))
+			return -EINVAL;
+
 		ea_req = (struct smb2_ea_info_req *)req->Buffer;
 	} else {
 		/* need to send all EAs, if no specific EA is requested*/
author	Namjae Jeon <linkinjeon@kernel.org>	2021-09-18 18:45:12 +0900
committer	Steve French <stfrench@microsoft.com>	2021-09-18 10:51:38 -0500
commit	6d56262c3d224699b29b9bb6b4ace8bab7d692c2 (patch)
tree	754304672f5a85b512264d56051cfcce76d46b94 /fs/ksmbd
parent	f58eae6c5fa882d6d0a6b7587a099602a59d57b5 (diff)