Message ID | 20240103121241.1723794-2-cascardo@canonical.com |
---|---|
State | New |
Headers | show |
Series | CVE-2023-6606 | expand |
diff --git a/fs/smb/client/misc.c b/fs/smb/client/misc.c index d7e85d9a2655..da711796fe74 100644 --- a/fs/smb/client/misc.c +++ b/fs/smb/client/misc.c @@ -359,6 +359,10 @@ checkSMB(char *buf, unsigned int total_read, struct TCP_Server_Info *server) cifs_dbg(VFS, "Length less than smb header size\n"); } return -EIO; + } else if (total_read < sizeof(*smb) + 2 * smb->WordCount) { + cifs_dbg(VFS, "%s: can't read BCC due to invalid WordCount(%u)\n", + __func__, smb->WordCount); + return -EIO; } /* otherwise, there is enough to get to the BCC */