ksmbd: the buffer of smb2 query dir response has at least 1 byte
When STATUS_NO_MORE_FILES status is set to smb2 query dir response,
->StructureSize is set to 9, which means buffer has 1 byte.
This issue occurs because ->Buffer[1] in smb2_query_directory_rsp to
flex-array.

Fixes: eb3e28c ("smb3: Replace smb2pdu 1-element arrays with flex-arrays")
Cc: stable@vger.kernel.org # v6.1+
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon authored and Steve French committed Aug 22, 2024
1 parent b311c1b commit ce61b60
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion fs/smb/server/smb2pdu.c
Expand Up @@ -4409,7 +4409,8 @@ int smb2_query_dir(struct ksmbd_work *work)
rsp->OutputBufferLength = cpu_to_le32(0);
rsp->Buffer[0] = 0;
rc = ksmbd_iov_pin_rsp(work, (void *)rsp,
sizeof(struct smb2_query_directory_rsp));
offsetof(struct smb2_query_directory_rsp, Buffer)
+ 1);
if (rc)
goto err_out;
} else {
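Review bot: The bare `+ 1` in the new length argument to ksmbd_iov_pin_rsp() is unexplained at the call site. It has to stay in step with the `rsp->Buffer[0] = 0` write two lines above and with the StructureSize of 9 that the commit message refers to, so a short comment stating that the extra byte is the single Buffer byte of the empty response (or a named constant for it) would keep a later cleanup from folding the expression back into sizeof(). Since the commit message attributes the problem to the flex-array conversion, it is also worth checking whether other ksmbd_iov_pin_rsp() callers pass sizeof() of a response struct that went through the same conversion.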