summaryrefslogtreecommitdiff
path: root/fs/ksmbd/smb2misc.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ksmbd/smb2misc.c')
-rw-r--r--fs/ksmbd/smb2misc.c31
1 files changed, 13 insertions, 18 deletions
diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c
index 6e25ace36568..fbdde426dd01 100644
--- a/fs/ksmbd/smb2misc.c
+++ b/fs/ksmbd/smb2misc.c
@@ -149,15 +149,11 @@ static int smb2_get_data_area_len(unsigned int *off, unsigned int *len,
break;
case SMB2_LOCK:
{
- int lock_count;
+ unsigned short lock_count;
- /*
- * smb2_lock request size is 48 included single
- * smb2_lock_element structure size.
- */
- lock_count = le16_to_cpu(((struct smb2_lock_req *)hdr)->LockCount) - 1;
+ lock_count = le16_to_cpu(((struct smb2_lock_req *)hdr)->LockCount);
if (lock_count > 0) {
- *off = __SMB2_HEADER_STRUCTURE_SIZE + 48;
+ *off = offsetof(struct smb2_lock_req, locks);
*len = sizeof(struct smb2_lock_element) * lock_count;
}
break;
@@ -412,20 +408,19 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work)
goto validate_credit;
/*
- * windows client also pad up to 8 bytes when compounding.
- * If pad is longer than eight bytes, log the server behavior
- * (once), since may indicate a problem but allow it and
- * continue since the frame is parseable.
+ * SMB2 NEGOTIATE request will be validated when message
+ * handling proceeds.
*/
- if (clc_len < len) {
- ksmbd_debug(SMB,
- "cli req padded more than expected. Length %d not %d for cmd:%d mid:%llu\n",
- len, clc_len, command,
- le64_to_cpu(hdr->MessageId));
+ if (command == SMB2_NEGOTIATE_HE)
+ goto validate_credit;
+
+ /*
+ * Allow a message that padded to 8byte boundary.
+ */
+ if (clc_len < len && (len - clc_len) < 8)
goto validate_credit;
- }
- ksmbd_debug(SMB,
+ pr_err_ratelimited(
"cli req too short, len %d not %d. cmd:%d mid:%llu\n",
len, clc_len, command,
le64_to_cpu(hdr->MessageId));