From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 93840BA49 for ; Tue, 7 Mar 2023 18:33:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EC67BC433EF; Tue, 7 Mar 2023 18:33:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1678213981; bh=uVl/eah+6h8ysObM2Lge6bkmzbjcFM3n5bfX/rW/rmc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KtcltsA2KZMqp0z0WpriZKVKcI4fJPi6yfQqLL64NkkYTzUAL20Bm1oENuTXn/jsP thdmKg0jXNo16yVedB+XMO2QDaEs3NXczx/LLHOCurntCYhfZuqzBSV0WewDv6Av6J vJyqRP1t0W0Uv96BF4qj8WVcAg1JVuYWRzKVCaXU= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Namjae Jeon , Steve French Subject: [PATCH 6.1 683/885] ksmbd: fix wrong data area length for smb2 lock request Date: Tue, 7 Mar 2023 18:00:17 +0100 Message-Id: <20230307170031.800875990@linuxfoundation.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230307170001.594919529@linuxfoundation.org> References: <20230307170001.594919529@linuxfoundation.org> User-Agent: quilt/0.67 Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Namjae Jeon commit 8f8c43b125882ac14372f8dca0c8e50a59e78d79 upstream. When turning debug mode on, The following error message from ksmbd_smb2_check_message() is coming. ksmbd: cli req padded more than expected. Length 112 not 88 for cmd:10 mid:14 data area length calculation for smb2 lock request in smb2_get_data_area_len() is incorrect. Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman --- fs/ksmbd/smb2misc.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -149,15 +149,11 @@ static int smb2_get_data_area_len(unsign break; case SMB2_LOCK: { - int lock_count; + unsigned short lock_count; - /* - * smb2_lock request size is 48 included single - * smb2_lock_element structure size. - */ - lock_count = le16_to_cpu(((struct smb2_lock_req *)hdr)->LockCount) - 1; + lock_count = le16_to_cpu(((struct smb2_lock_req *)hdr)->LockCount); if (lock_count > 0) { - *off = __SMB2_HEADER_STRUCTURE_SIZE + 48; + *off = offsetof(struct smb2_lock_req, locks); *len = sizeof(struct smb2_lock_element) * lock_count; } break;