From: Marios Makassikis mmakassikis@freebox.fr
mainline inclusion from mainline-5.15-rc1 commit a5a25a114ab2412831f063361360eb1192ca6151 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA
Reference: https://git.kernel.org/torvalds/linux/c/a5a25a114ab2
-------------------------------
smb2_validate_credit_charge() checks the CreditCharge field in the request is valid with regards to the payload size.
The current implementation rejects requests with CreditCharge = 0 and a payload < 64K, even though they should be accepted.
Set CreditCharge to a minimum value of 1 to avoid rejecting such requests. This matches what samba4 does.
Fixes share enumeration for jcifs-ng clients.
Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/ksmbd/smb2misc.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 730d68032c46..4508631c5706 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -317,14 +317,12 @@ static int smb2_validate_credit_charge(struct smb2_hdr *hdr) return 0; }
+ credit_charge = max(1, credit_charge); max_len = max(req_len, expect_resp_len); calc_credit_num = DIV_ROUND_UP(max_len, SMB2_MAX_BUFFER_SIZE); - if (!credit_charge && max_len > SMB2_MAX_BUFFER_SIZE) { - pr_err("credit charge is zero and payload size(%d) is bigger than 64K\n", - max_len); - return 1; - } else if (credit_charge < calc_credit_num) { - pr_err("credit charge : %d, calc_credit_num : %d\n", + + if (credit_charge < calc_credit_num) { + pr_err("Insufficient credit charge, given: %d, needed: %d\n", credit_charge, calc_credit_num); return 1; }