From patchwork Thu Sep 1 14:22:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "zhangxiaoxu (A)" X-Patchwork-Id: 1672891 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2620:137:e000::1:20; helo=out1.vger.email; envelope-from=linux-cifs-owner@vger.kernel.org; receiver=) Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by legolas.ozlabs.org (Postfix) with ESMTP id 4MJMDM5hrQz1ygc for ; Thu, 1 Sep 2022 23:22:59 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234177AbiIANW4 (ORCPT ); Thu, 1 Sep 2022 09:22:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48624 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233806AbiIANWa (ORCPT ); Thu, 1 Sep 2022 09:22:30 -0400 Received: from dggsgout12.his.huawei.com (dggsgout12.his.huawei.com [45.249.212.56]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C83BDE029 for ; Thu, 1 Sep 2022 06:21:12 -0700 (PDT) Received: from mail02.huawei.com (unknown [172.30.67.169]) by dggsgout12.his.huawei.com (SkyGuard) with ESMTP id 4MJM8K6G3dz6T5dm for ; Thu, 1 Sep 2022 21:19:29 +0800 (CST) Received: from huaweicloud.com (unknown [10.175.104.170]) by APP1 (Coremail) with SMTP id cCh0CgBnNSnAsRBjnEreAA--.15661S6; Thu, 01 Sep 2022 21:21:11 +0800 (CST) From: Zhang Xiaoxu To: linux-cifs@vger.kernel.org, zhangxiaoxu5@huawei.com, sfrench@samba.org, pc@cjr.nz, lsahlber@redhat.com, sprasad@microsoft.com, rohiths@microsoft.com, smfrench@gmail.com, tom@talpey.com, linkinjeon@kernel.org, hyc.lee@gmail.com Subject: [PATCH v3 2/5] ksmbd: Remove the wrong message length check of FSCTL_VALIDATE_NEGOTIATE_INFO Date: Thu, 1 Sep 2022 22:22:13 +0800 Message-Id: <20220901142216.3351155-3-zhangxiaoxu5@huawei.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220901142216.3351155-1-zhangxiaoxu5@huawei.com> References: <20220901142216.3351155-1-zhangxiaoxu5@huawei.com> MIME-Version: 1.0 X-CM-TRANSID: cCh0CgBnNSnAsRBjnEreAA--.15661S6 X-Coremail-Antispam: 1UD129KBjvdXoW7XrW3WF4DGF4xZrWrtryftFb_yoWfuFb_ZF yFyrs3W34UJF4fJw4Dta1IvFn8Jw4rGr18WFWIyFWjya4DtryfZw10q393GFy7uwsxWr48 uwn8ZF1j9rW8ujkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUIcSsGvfJTRUUUbqAYFVCjjxCrM7AC8VAFwI0_Wr0E3s1l1xkIjI8I6I8E6xAIw20E Y4v20xvaj40_JrI_JrWl1IIY67AEw4v_Jr0_Jr4l82xGYIkIc2x26280x7IE14v26r15M2 8IrcIa0xkI8VCY1x0267AKxVW5JVCq3wA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK 021l84ACjcxK6xIIjxv20xvE14v26F1j6w1UM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26r 4UJVWxJr1l84ACjcxK6I8E87Iv67AKxVW0oVCq3wA2z4x0Y4vEx4A2jsIEc7CjxVAFwI0_ GcCE3s1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrVC2j2WlYx 0E2Ix0cI8IcVAFwI0_JrI_JrylYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7xkEbVWU JVW8JwACjcxG0xvY0x0EwIxGrwACI402YVCY1x02628vn2kIc2xKxwCF04k20xvY0x0EwI xGrwCF04k20xvEw4C26cxK6c8Ij28IcwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02 F40E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_Jw0_GF ylIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7Cj xVAFwI0_Gr0_Cr1lIxAIcVCF04k26cxKx2IYs7xG6r1j6r1xMIIF0xvEx4A2jsIE14v26r 4j6F4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Gr1j6F4UJbIYCTnIWIevJa73UjIFyTuYvjxU oUUUUUUUU Sender: zhangxiaoxu@huaweicloud.com X-CM-SenderInfo: x2kd0wp0ld053x6k3tpzhluzxrxghudrp/ X-CFilter-Loop: Reflected X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org The struct validate_negotiate_info_req change from variable-length array to reguler array, but the message length check is unchanged. The fsctl_validate_negotiate_info() already check the message length, so remove it from smb2_ioctl(). Fixes: c7803b05f74b ("smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common") Signed-off-by: Zhang Xiaoxu Cc: --- fs/ksmbd/smb2pdu.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index c49f65146ab3..c9f400bbb814 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -7640,9 +7640,6 @@ int smb2_ioctl(struct ksmbd_work *work) goto out; } - if (in_buf_len < sizeof(struct validate_negotiate_info_req)) - return -EINVAL; - if (out_buf_len < sizeof(struct validate_negotiate_info_rsp)) return -EINVAL;