smb: client: fix parsing of SMB3.1.1 POSIX create context
The data offset for the SMB3.1.1 POSIX create context will always be
8-byte aligned so having the check 'noff + nlen >= doff' in
smb2_parse_contexts() is wrong as it will lead to -EINVAL because noff
+ nlen == doff.

Fix the sanity check to correctly handle aligned create context data.

Fixes: af1689a ("smb: client: fix potential OOBs in smb2_parse_contexts()")
Signed-off-by: Paulo Alcantara <[email protected]>
Signed-off-by: Steve French <[email protected]>
pcacjr authored and Steve French committed Jan 19, 2024
1 parent cfb7a13 commit 76025cc
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fs/smb/client/smb2pdu.c
Expand Up @@ -2277,7 +2277,7 @@ int smb2_parse_contexts(struct TCP_Server_Info *server,

noff = le16_to_cpu(cc->NameOffset);
nlen = le16_to_cpu(cc->NameLength);
if (noff + nlen >= doff)
if (noff + nlen > doff)
return -EINVAL;

name = (char *)cc + noff;
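
Review bot: The relaxed bound at `if (noff + nlen > doff)` should carry a short comment explaining why equality is legal, because the `>=` it replaces came from the out-of-bounds fix named in the Fixes: tag and a later reader may tighten it again. A line above the check such as "the name may end exactly where the data begins; only overlap is invalid" would be enough. The check as written still rejects a name that extends past the data offset, so the overlap case stays covered; a regression test with a create context where noff + nlen == doff (the aligned POSIX context case described in the commit message) would pin this boundary.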