From: Ralph Boehme <slow@samba.org>
To: linux-cifs@vger.kernel.org
Cc: Ralph Boehme <slow@samba.org>
Subject: [PATCH v6 00/14] Buffer validation patches
Date: Sat, 2 Oct 2021 15:11:58 +0200 [thread overview]
Message-ID: <20211002131212.130629-1-slow@samba.org> (raw)
v2:
- update comments of smb2_get_data_area_len().
- fix wrong buffer size check in fsctl_query_iface_info_ioctl().
- fix 32bit overflow in smb2_set_info.
v3:
- add buffer check for ByteCount of smb negotiate request.
- Moved buffer check of to the top of loop to avoid unneeded behavior when
out_buf_len is smaller than network_interface_info_ioctl_rsp.
- get correct out_buf_len which doesn't exceed max stream protocol length.
- subtract single smb2_lock_element for correct buffer size check in
ksmbd_smb2_check_message().
v4:
- use work->response_sz for out_buf_len calculation in smb2_ioctl.
- move smb2_neg size check to above to validate NegotiateContextOffset
field.
- remove unneeded dialect checks in smb2_sess_setup() and
smb2_handle_negotiate().
- split smb2_set_info patch into two patches(declaring
smb2_file_basic_info and buffer check)
v5:
- remove PDU size validation from ksmbd_conn_handler_loop()
- add PDU size validation to ksmbd_smb2_check_message()
- fix compound non-related request handling
v6:
- check we can access ProtocolId in ksmbd_verify_smb_message()
- optimize tcon and session check functions for compound related PDUs
- drop patch that broke SMB1 negprot
- check credits after fully validating PDU size
Namjae Jeon (4):
ksmbd: add the check to vaildate if stream protocol length exceeds
maximum value
ksmbd: add validation in smb2_ioctl
ksmbd: check strictly data area in ksmbd_smb2_check_message()
ksmbd: remove the leftover of smb2.0 dialect support
Ralph Boehme (10):
ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message()
ksmbd: check buffer is big enough to access the ProtocolId field
ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message()
ksmbd: use ksmbd_smb2_cur_pdu_buflen() in ksmbd_smb2_check_message()
ksmbd: check PDU len is at least header plus body size in
ksmbd_smb2_check_message()
ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()
ksmdb: make smb2_get_ksmbd_tcon() callable with chained PDUs
ksmbd: make smb2_check_user_session() callable for compound PDUs
ksmdb: move session and tcon validation to ksmbd_smb2_check_message()
ksmdb: validate credit charge after validating SMB2 PDU body size
fs/ksmbd/connection.c | 9 ++-
fs/ksmbd/ksmbd_work.h | 1 +
fs/ksmbd/server.c | 46 +++++++----
fs/ksmbd/smb2misc.c | 152 +++++++++++++++++++-----------------
fs/ksmbd/smb2ops.c | 5 --
fs/ksmbd/smb2pdu.c | 178 +++++++++++++++++++++++++++++-------------
fs/ksmbd/smb2pdu.h | 2 +-
fs/ksmbd/smb_common.c | 22 +++---
fs/ksmbd/smb_common.h | 4 +-
fs/ksmbd/vfs.c | 2 +-
fs/ksmbd/vfs.h | 2 +-
11 files changed, 256 insertions(+), 167 deletions(-)
--
2.31.1
next reply other threads:[~2021-10-02 13:12 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-02 13:11 Ralph Boehme [this message]
2021-10-02 13:11 ` [PATCH v6 01/14] ksmbd: add the check to vaildate if stream protocol length exceeds maximum value Ralph Boehme
2021-10-03 1:18 ` Namjae Jeon
2021-10-05 4:24 ` Ralph Boehme
2021-10-02 13:12 ` [PATCH v6 02/14] ksmbd: add validation in smb2_ioctl Ralph Boehme
2021-10-03 1:21 ` Namjae Jeon
2021-10-02 13:12 ` [PATCH v6 03/14] ksmbd: check strictly data area in ksmbd_smb2_check_message() Ralph Boehme
2021-10-02 13:12 ` [PATCH v6 04/14] ksmbd: remove the leftover of smb2.0 dialect support Ralph Boehme
2021-10-02 13:12 ` [PATCH v6 05/14] ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message() Ralph Boehme
2021-10-02 13:12 ` [PATCH v6 06/14] ksmbd: check buffer is big enough to access the ProtocolId field Ralph Boehme
2021-10-02 13:12 ` [PATCH v6 07/14] ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message() Ralph Boehme
2021-10-03 0:59 ` Namjae Jeon
2021-10-05 4:28 ` Ralph Boehme
2021-10-05 18:43 ` Steve French
2021-10-05 19:28 ` Ralph Boehme
2021-10-05 20:20 ` Steve French
2021-10-02 13:12 ` [PATCH v6 08/14] ksmbd: use ksmbd_smb2_cur_pdu_buflen() " Ralph Boehme
2021-10-02 13:12 ` [PATCH v6 09/14] ksmbd: check PDU len is at least header plus body size " Ralph Boehme
2021-10-03 1:11 ` Namjae Jeon
2021-10-05 4:32 ` Ralph Boehme
2021-10-02 13:12 ` [PATCH v6 10/14] ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon() Ralph Boehme
2021-10-02 13:12 ` [PATCH v6 11/14] ksmdb: make smb2_get_ksmbd_tcon() callable with chained PDUs Ralph Boehme
2021-10-02 13:12 ` [PATCH v6 12/14] ksmbd: make smb2_check_user_session() callable for compound PDUs Ralph Boehme
2021-10-02 13:12 ` [PATCH v6 13/14] ksmdb: move session and tcon validation to ksmbd_smb2_check_message() Ralph Boehme
2021-10-02 13:12 ` [PATCH v6 14/14] ksmdb: validate credit charge after validating SMB2 PDU body size Ralph Boehme
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211002131212.130629-1-slow@samba.org \
--to=slow@samba.org \
--cc=linux-cifs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox