diff mbox series

[1/2] ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA

Message ID 20230305123443.21509-1-linkinjeon@kernel.org
State New
Headers show
Series [1/2] ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA | expand

Commit Message

Namjae Jeon March 5, 2023, 12:34 p.m. UTC
Smatch static checker warning:
 fs/ksmbd/smb2pdu.c:7759 smb2_ioctl()
 warn: no lower bound on 'off'

Fix unexpected result that could caused from negative off and bfz.

Fixes: b5e5f9dfc915 ("ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA")
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
---
 fs/ksmbd/smb2pdu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Sergey Senozhatsky March 7, 2023, 4:11 a.m. UTC | #1
On (23/03/05 21:34), Namjae Jeon wrote:
> Smatch static checker warning:
>  fs/ksmbd/smb2pdu.c:7759 smb2_ioctl()
>  warn: no lower bound on 'off'
> 
> Fix unexpected result that could caused from negative off and bfz.
> 
> Fixes: b5e5f9dfc915 ("ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA")
> Reported-by: Dan Carpenter <error27@gmail.com>
> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>

Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
diff mbox series

Patch

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 81e987114206..b7a420e0fcc4 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -7757,7 +7757,7 @@  int smb2_ioctl(struct ksmbd_work *work)
 
 		off = le64_to_cpu(zero_data->FileOffset);
 		bfz = le64_to_cpu(zero_data->BeyondFinalZero);
-		if (off > bfz) {
+		if (off < 0 || bfz < 0 || off > bfz) {
 			ret = -EINVAL;
 			goto out;
 		}