!1664 [sync] PR-1605: CVE-2023-38430

Merge Pull Request from: @openeuler-sync-bot Origin pull request: https://gitee.com/openeuler/kernel/pulls/1605 PR sync from: Li Nan <linan122@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/PLIYRODHJZO5O3JJ5LZMDZ5VC2QZZXUQ/ Li Nan (1): ksmbd: define SMB2_COMPRESSION_TRANSFORM_ID in fs/ksmbd/smb2pdu.h Namjae Jeon (1): ksmbd: validate smb request protocol id -- 2.39.2 https://gitee.com/openeuler/kernel/issues/I7LU2S Link:https://gitee.com/openeuler/kernel/pulls/1664 Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

!1664 [sync] PR-1605: CVE-2023-38430
Merge Pull Request from: @openeuler-sync-bot Origin pull request: https://gitee.com/openeuler/kernel/pulls/1605 PR sync from: Li Nan <linan122@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/PLIYRODHJZO5O3JJ5LZMDZ5VC2QZZXUQ/ Li Nan (1): ksmbd: define SMB2_COMPRESSION_TRANSFORM_ID in fs/ksmbd/smb2pdu.h Namjae Jeon (1): ksmbd: validate smb request protocol id -- 2.39.2 https://gitee.com/openeuler/kernel/issues/I7LU2S Link:https://gitee.com/openeuler/kernel/pulls/1664 Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
54bc7773 · openeuler-ci-bot · Gitee · 7b1a5167 · 7fc8c491 · 54bc7773
隐藏空白更改
内联并排

Showing with 17 addition and 3 deletion

fs/ksmbd/connection.c fs/ksmbd/connection.c +3 -2

fs/ksmbd/smb2pdu.h fs/ksmbd/smb2pdu.h +1 -0

fs/ksmbd/smb_common.c fs/ksmbd/smb_common.c +13 -1

未找到文件。
--- a/fs/ksmbd/connection.c
+++ b/fs/ksmbd/connection.c
@@ -315,8 +315,6 @@ int ksmbd_conn_handler_loop(void *p)
 			continue;

 		memcpy(conn->request_buf, hdr_buf, sizeof(hdr_buf));
-		if (!ksmbd_smb_request(conn))
-			break;

 		/*
 		 * We already read 4 bytes to find out PDU size, now
@@ -334,6 +332,9 @@ int ksmbd_conn_handler_loop(void *p)
 			continue;
 		}

+		if (!ksmbd_smb_request(conn))
+			break;
+
 		if (!default_conn_ops.process_fn) {
 			pr_err("No connection request callback\n");
 			break;

--- a/fs/ksmbd/smb2pdu.h
+++ b/fs/ksmbd/smb2pdu.h
@@ -109,6 +109,7 @@

 #define SMB2_PROTO_NUMBER cpu_to_le32(0x424d53fe) /* 'B''M''S' */
 #define SMB2_TRANSFORM_PROTO_NUM cpu_to_le32(0x424d53fd)
+#define SMB2_COMPRESSION_TRANSFORM_ID cpu_to_le32(0x424d53fc)

 #define SMB21_DEFAULT_IOSIZE	(1024 * 1024)
 #define SMB3_DEFAULT_IOSIZE	(4 * 1024 * 1024)

--- a/fs/ksmbd/smb_common.c
+++ b/fs/ksmbd/smb_common.c
@@ -156,7 +156,19 @@ int ksmbd_verify_smb_message(struct ksmbd_work *work)
 */
 bool ksmbd_smb_request(struct ksmbd_conn *conn)
 {
-	return conn->request_buf[0] == 0;
+	__le32 *proto = (__le32 *)smb2_get_msg(conn->request_buf);
+
+	if (*proto == SMB2_COMPRESSION_TRANSFORM_ID) {
+		pr_err_ratelimited("smb2 compression not support yet");
+		return false;
+	}
+
+	if (*proto != SMB1_PROTO_NUMBER &&
+	    *proto != SMB2_PROTO_NUMBER &&
+	    *proto != SMB2_TRANSFORM_PROTO_NUM)
+		return false;
+
+	return true;
 }

 static bool supported_protocol(int idx)