Date: Thu, 30 Jan 2020 19:38:05 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Ronnie Sahlberg <lsahlber@...hat.com>, Steve French <stfrench@...rosoft.com>, Pavel Shilovsky <pshilov@...rosoft.com> Subject: [PATCH 5.4 029/110] cifs: set correct max-buffer-size for smb2_ioctl_init() From: Ronnie Sahlberg <lsahlber@...hat.com> commit 731b82bb1750a906c1e7f070aedf5505995ebea7 upstream. Fix two places where we need to adjust down the max response size for ioctl when it is used together with compounding. Signed-off-by: Ronnie Sahlberg <lsahlber@...hat.com> Signed-off-by: Steve French <stfrench@...rosoft.com> Reviewed-by: Pavel Shilovsky <pshilov@...rosoft.com> CC: Stable <stable@...r.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- fs/cifs/smb2ops.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -1461,7 +1461,9 @@ smb2_ioctl_query_info(const unsigned int COMPOUND_FID, COMPOUND_FID, qi.info_type, true, buffer, qi.output_buffer_length, - CIFSMaxBufSize); + CIFSMaxBufSize - + MAX_SMB2_CREATE_RESPONSE_SIZE - + MAX_SMB2_CLOSE_RESPONSE_SIZE); } } else if (qi.flags == PASSTHRU_SET_INFO) { /* Can eventually relax perm check since server enforces too */ @@ -2634,7 +2636,10 @@ smb2_query_symlink(const unsigned int xi rc = SMB2_ioctl_init(tcon, &rqst[1], fid.persistent_fid, fid.volatile_fid, FSCTL_GET_REPARSE_POINT, - true /* is_fctl */, NULL, 0, CIFSMaxBufSize); + true /* is_fctl */, NULL, 0, + CIFSMaxBufSize - + MAX_SMB2_CREATE_RESPONSE_SIZE - + MAX_SMB2_CLOSE_RESPONSE_SIZE); if (rc) goto querty_exit;
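Review bot: In the smb2_ioctl_query_info() hunk, the new maximum `CIFSMaxBufSize - MAX_SMB2_CREATE_RESPONSE_SIZE - MAX_SMB2_CLOSE_RESPONSE_SIZE` is computed with no visible lower-bound check. If CIFSMaxBufSize is an unsigned value that can be set below the sum of the two constants, the subtraction wraps and the call advertises a larger maximum response size instead of a smaller one. Please confirm the minimum allowed CIFSMaxBufSize exceeds that sum, or clamp the result before passing it. A one-line comment at the call stating that the create and close responses of the compound share the same response buffer would also make the reason for the reduction clear to the next reader.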
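Review bot: In the smb2_query_symlink() hunk, the SMB2_ioctl_init() argument repeats the same three-line subtraction that the first hunk open-codes in smb2_ioctl_query_info(). Two hand-written copies of a size budget are easy to let drift, and a later compound ioctl caller could pass plain CIFSMaxBufSize again, which is the condition this patch corrects. Consider a single named macro or inline helper for the compounded-ioctl response limit and use it at both call sites. The commit message says the size must be adjusted down "when it is used together with compounding" but does not say what goes wrong otherwise; a sentence on the observed failure would help stable maintainers judge the backport.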