[PATCH v7 0/9] Buffer validation and compound handling patches

public inbox for linux-cifs@vger.kernel.org
 help / color / mirror / Atom feed

From: Ralph Boehme <slow@samba.org>
To: linux-cifs@vger.kernel.org
Cc: Ralph Boehme <slow@samba.org>
Subject: [PATCH v7 0/9] Buffer validation and compound handling patches
Date: Tue,  5 Oct 2021 07:03:34 +0200	[thread overview]
Message-ID: <20211005050343.268514-1-slow@samba.org> (raw)

v2:
  - update comments of smb2_get_data_area_len().
  - fix wrong buffer size check in fsctl_query_iface_info_ioctl().
  - fix 32bit overflow in smb2_set_info.

v3:
  - add buffer check for ByteCount of smb negotiate request.
  - Moved buffer check of to the top of loop to avoid unneeded behavior when
    out_buf_len is smaller than network_interface_info_ioctl_rsp.
  - get correct out_buf_len which doesn't exceed max stream protocol length.
  - subtract single smb2_lock_element for correct buffer size check in
    ksmbd_smb2_check_message().

v4: 
  - use work->response_sz for out_buf_len calculation in smb2_ioctl.
  - move smb2_neg size check to above to validate NegotiateContextOffset
    field.
  - remove unneeded dialect checks in smb2_sess_setup() and
    smb2_handle_negotiate().
  - split smb2_set_info patch into two patches(declaring
    smb2_file_basic_info and buffer check) 

v5:
  - remove PDU size validation from ksmbd_conn_handler_loop()
  - add PDU size validation to ksmbd_smb2_check_message()
  - fix compound non-related request handling

v6:
  - check we can access ProtocolId in ksmbd_verify_smb_message()
  - optimize tcon and session check functions for compound related PDUs
  - drop patch that broke SMB1 negprot
  - check credits after fully validating PDU size

v7:
  - drop header size check in ksmbd_verify_smb_message()
  - fix invalid read when accessing StructureSize2 in
    ksmbd_smb2_check_message()
  - validate credit charge after validating SMB2 PDU body size

Ralph Boehme (9):
  ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message()
  ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message()
  ksmbd: add and use ksmbd_smb2_cur_pdu_buflen() in
    ksmbd_smb2_check_message()
  ksmbd: check buffer is big enough to access the SMB2 PUD body size
    field
  ksmdb: validate credit charge after validating SMB2 PDU body size
  ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()
  ksmdb: make smb2_get_ksmbd_tcon() callable with chained PDUs
  ksmbd: make smb2_check_user_session() callable for compound PDUs
  ksmdb: move session and tcon validation to __process_request()

 fs/ksmbd/ksmbd_work.h |  1 +
 fs/ksmbd/server.c     | 46 +++++++++++++++++++++-------------
 fs/ksmbd/smb2misc.c   | 58 +++++++++++++++++++++++++++----------------
 fs/ksmbd/smb2pdu.c    | 39 +++++++++++++++++++++++------
 fs/ksmbd/smb2pdu.h    |  1 +
 fs/ksmbd/smb_common.c |  2 +-
 6 files changed, 101 insertions(+), 46 deletions(-)

-- 
2.31.1

next             reply	other threads:[~2021-10-05  5:04 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-05  5:03 Ralph Boehme [this message]
2021-10-05  5:03 ` [PATCH v7 1/9] ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message() Ralph Boehme
2021-10-05  7:26   ` Namjae Jeon
2021-10-05  5:03 ` [PATCH v7 2/9] ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message() Ralph Boehme
2021-10-05  7:27   ` Namjae Jeon
2021-10-05  5:03 ` [PATCH v7 3/9] ksmbd: add and use ksmbd_smb2_cur_pdu_buflen() " Ralph Boehme
2021-10-05  7:29   ` Namjae Jeon
2021-10-05  7:46     ` Ralph Boehme
2021-10-06 23:42       ` Namjae Jeon
2021-10-05  5:03 ` [PATCH v7 4/9] ksmbd: check buffer is big enough to access the SMB2 PUD body size field Ralph Boehme
2021-10-05  5:03 ` [PATCH v7 5/9] ksmdb: validate credit charge after validating SMB2 PDU body size Ralph Boehme
2021-10-05  7:58   ` Namjae Jeon
2021-10-05  5:03 ` [PATCH v7 6/9] ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon() Ralph Boehme
2021-10-05  7:59   ` Namjae Jeon
2021-10-05  5:03 ` [PATCH v7 7/9] ksmdb: make smb2_get_ksmbd_tcon() callable with chained PDUs Ralph Boehme
2021-10-05  5:03 ` [PATCH v7 8/9] ksmbd: make smb2_check_user_session() callable for compound PDUs Ralph Boehme
2021-10-05  5:03 ` [PATCH v7 9/9] ksmdb: move session and tcon validation to __process_request() Ralph Boehme

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211005050343.268514-1-slow@samba.org \
    --to=slow@samba.org \
    --cc=linux-cifs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox