mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-23 08:35:19 -05:00
3 smb3 server fixes
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmO8s+MACgkQiiy9cAdy T1FguAv/VtubPYJ5BgPjXSWY7dXlHAjjd6gZ6qkggwy6me3OLlG5px2+izLoEzBV q1hYWe4paQViZD/A4DpzSZTk4C5pJ8ZH3akjioKN1dwnDUyfMV/8bZKny768SpaN FUv8c/7X1sySiJGLhj1uhk+JHphwbiGd71VchwowdEE3HuTlQAE8TWp03v6bPI/I 8o9pLJiWlFFxiM7hIxH9O5xFNVnarojjOnMfMvultCexQd/YQ3xlk/T2CzmAvhOw /kaNWLmnWt1rOvjiAiiy4qUMMO04difpb9v54P2th108nxOzTLCAlS87pW0NPtZK 5CKm4UsjZ+Z4JWXy7YIfA8Qskf2rEpDZfBmydQkTLW09eawecgJC5Zg7JUZfRa2j ZcGNkxC3syJ6j1kSPiB5aWspaqegc0dFyIXlsylYLNOGnbapDvrvnUCeA7lCirTJ oI2fx+ibSERF8n4s5LSneYf9W00THF8F772o3t8gXqih9HQX3N/R30EaJLgG5mXS nNtE15be =leg1 -----END PGP SIGNATURE----- Merge tag '6.2-rc3-ksmbd-server-fixes' of git://git.samba.org/ksmbd Pull ksmb server fixes from Steve French: - fix possible infinite loop in socket handler - fix possible panic in ntlmv2 authentication - fix error handling on tree connect * tag '6.2-rc3-ksmbd-server-fixes' of git://git.samba.org/ksmbd: ksmbd: fix infinite loop in ksmbd_conn_handler_loop() ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob ksmbd: send proper error response in smb2_tree_connect()
This commit is contained in:
commit
40c18f363a
4 changed files with 16 additions and 6 deletions
|
@ -322,7 +322,8 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
|
|||
dn_off = le32_to_cpu(authblob->DomainName.BufferOffset);
|
||||
dn_len = le16_to_cpu(authblob->DomainName.Length);
|
||||
|
||||
if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len)
|
||||
if (blob_len < (u64)dn_off + dn_len || blob_len < (u64)nt_off + nt_len ||
|
||||
nt_len < CIFS_ENCPWD_SIZE)
|
||||
return -EINVAL;
|
||||
|
||||
/* TODO : use domain name that imported from configuration file */
|
||||
|
|
|
@ -316,9 +316,12 @@ int ksmbd_conn_handler_loop(void *p)
|
|||
|
||||
/* 4 for rfc1002 length field */
|
||||
size = pdu_size + 4;
|
||||
conn->request_buf = kvmalloc(size, GFP_KERNEL);
|
||||
conn->request_buf = kvmalloc(size,
|
||||
GFP_KERNEL |
|
||||
__GFP_NOWARN |
|
||||
__GFP_NORETRY);
|
||||
if (!conn->request_buf)
|
||||
continue;
|
||||
break;
|
||||
|
||||
memcpy(conn->request_buf, hdr_buf, sizeof(hdr_buf));
|
||||
if (!ksmbd_smb_request(conn))
|
||||
|
|
|
@ -1928,13 +1928,13 @@ int smb2_tree_connect(struct ksmbd_work *work)
|
|||
if (conn->posix_ext_supported)
|
||||
status.tree_conn->posix_extensions = true;
|
||||
|
||||
out_err1:
|
||||
rsp->StructureSize = cpu_to_le16(16);
|
||||
inc_rfc1001_len(work->response_buf, 16);
|
||||
out_err1:
|
||||
rsp->Capabilities = 0;
|
||||
rsp->Reserved = 0;
|
||||
/* default manual caching */
|
||||
rsp->ShareFlags = SMB2_SHAREFLAG_MANUAL_CACHING;
|
||||
inc_rfc1001_len(work->response_buf, 16);
|
||||
|
||||
if (!IS_ERR(treename))
|
||||
kfree(treename);
|
||||
|
@ -1967,6 +1967,9 @@ out_err1:
|
|||
rsp->hdr.Status = STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
if (status.ret != KSMBD_TREE_CONN_STATUS_OK)
|
||||
smb2_set_err_rsp(work);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
|
|
@ -295,6 +295,7 @@ static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig,
|
|||
struct msghdr ksmbd_msg;
|
||||
struct kvec *iov;
|
||||
struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn;
|
||||
int max_retry = 2;
|
||||
|
||||
iov = get_conn_iovec(t, nr_segs);
|
||||
if (!iov)
|
||||
|
@ -321,9 +322,11 @@ static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig,
|
|||
} else if (conn->status == KSMBD_SESS_NEED_RECONNECT) {
|
||||
total_read = -EAGAIN;
|
||||
break;
|
||||
} else if (length == -ERESTARTSYS || length == -EAGAIN) {
|
||||
} else if ((length == -ERESTARTSYS || length == -EAGAIN) &&
|
||||
max_retry) {
|
||||
usleep_range(1000, 2000);
|
||||
length = 0;
|
||||
max_retry--;
|
||||
continue;
|
||||
} else if (length <= 0) {
|
||||
total_read = -EAGAIN;
|
||||
|
|
Loading…
Add table
Reference in a new issue