From mboxrd@z Thu Jan 1 00:00:00 1970
From: Greg Kroah-Hartman
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman, patches@lists.linux.dev, Namjae Jeon, Steve French
Subject: [PATCH 5.15 441/567] ksmbd: fix wrong data area length for smb2 lock request
Date: Tue, 7 Mar 2023 18:02:57 +0100
Message-Id: <20230307165925.013453566@linuxfoundation.org>
In-Reply-To: <20230307165905.838066027@linuxfoundation.org>
References: <20230307165905.838066027@linuxfoundation.org>

From: Namjae Jeon

commit 8f8c43b125882ac14372f8dca0c8e50a59e78d79 upstream.

When turning debug mode on, the following error message from
ksmbd_smb2_check_message() is coming.

ksmbd: cli req padded more than expected. Length 112 not 88 for cmd:10 mid:14

Data area length calculation for smb2 lock request in
smb2_get_data_area_len() is incorrect.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon
Signed-off-by: Steve French
Signed-off-by: Greg Kroah-Hartman --- fs/ksmbd/smb2misc.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -150,15 +150,11 @@ static int smb2_get_data_area_len(unsign break; case SMB2_LOCK: { - int lock_count; + unsigned short lock_count; - /* - * smb2_lock request size is 48 included single - * smb2_lock_element structure size. - */ - lock_count = le16_to_cpu(((struct smb2_lock_req *)hdr)->LockCount) - 1; + lock_count = le16_to_cpu(((struct smb2_lock_req *)hdr)->LockCount); if (lock_count > 0) { - *off = __SMB2_HEADER_STRUCTURE_SIZE + 48; + *off = offsetof(struct smb2_lock_req, locks); *len = sizeof(struct smb2_lock_element) * lock_count; } break;
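
Review bot: In the SMB2_LOCK case of smb2_get_data_area_len(), the deleted comment was the only explanation of how the fixed request size of 48 relates to the lock array, and the new `*off = offsetof(struct smb2_lock_req, locks);` line carries none. A short comment saying that the data area starts at the first lock element and covers all LockCount elements would help keep the `- 1` from being reintroduced later. With lock_count now an unsigned short, `if (lock_count > 0)` can only mean non-zero and could be written `if (lock_count)`. The commit message quotes the symptom (Length 112 not 88) but does not say what offset and length are expected for that request; adding those two numbers would make the fix easier to verify against ksmbd_smb2_check_message().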