ksmbd: set STATUS_INVALID_PARAMETER error status if credit charge is invalid

MS-SMB2 specification describe : If the calculated credit number is greater than the CreditCharge, the server MUST fail the request with the error code STATUS_INVALID_PARAMETER. Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>

ksmbd: set STATUS_INVALID_PARAMETER error status if credit charge is invalid
MS-SMB2 specification describe : If the calculated credit number is greater than the CreditCharge, the server MUST fail the request with the error code STATUS_INVALID_PARAMETER. Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
67307023 · Namjae Jeon · 58090b17 · 67307023 · 67307023
Commit 67307023 authored Jul 16, 2021 by Namjae Jeon
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 12 deletions

fs/ksmbd/server.c fs/ksmbd/server.c +10 -10

fs/ksmbd/smb2misc.c fs/ksmbd/smb2misc.c +7 -2

No files found.
--- a/fs/ksmbd/server.c
+++ b/fs/ksmbd/server.c
@@ -101,8 +101,8 @@ static inline int check_conn_state(struct ksmbd_work *work)
 	return 0;
 }
-#define TCP_HANDLER_CONTINUE	0
+#define SERVER_HANDLER_CONTINUE		0
-#define TCP_HANDLER_ABORT	1
+#define SERVER_HANDLER_ABORT		1
 static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
 			     u16 *cmd)
@@ -112,10 +112,10 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
 	int ret;
 	if (check_conn_state(work))
-		return TCP_HANDLER_CONTINUE;
+		return SERVER_HANDLER_CONTINUE;
 	if (ksmbd_verify_smb_message(work))
-		return TCP_HANDLER_ABORT;
+		return SERVER_HANDLER_ABORT;
 	command = conn->ops->get_cmd_val(work);
 	*cmd = command;
@@ -123,21 +123,21 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
 andx_again:
 	if (command >= conn->max_cmds) {
 		conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER);
-		return TCP_HANDLER_CONTINUE;
+		return SERVER_HANDLER_CONTINUE;
 	}
 	cmds = &conn->cmds[command];
 	if (!cmds->proc) {
 		ksmbd_debug(SMB, "*** not implemented yet cmd = %x\n", command);
 		conn->ops->set_rsp_status(work, STATUS_NOT_IMPLEMENTED);
-		return TCP_HANDLER_CONTINUE;
+		return SERVER_HANDLER_CONTINUE;
 	}
 	if (work->sess && conn->ops->is_sign_req(work, command)) {
 		ret = conn->ops->check_sign_req(work);
 		if (!ret) {
 			conn->ops->set_rsp_status(work, STATUS_ACCESS_DENIED);
-			return TCP_HANDLER_CONTINUE;
+			return SERVER_HANDLER_CONTINUE;
 		}
 	}
@@ -153,8 +153,8 @@ static int __process_request(struct ksmbd_work *work, struct ksmbd_conn *conn,
 	}
 	if (work->send_no_response)
-		return TCP_HANDLER_ABORT;
+		return SERVER_HANDLER_ABORT;
-	return TCP_HANDLER_CONTINUE;
+	return SERVER_HANDLER_CONTINUE;
 }
 static void __handle_ksmbd_work(struct ksmbd_work *work,
@@ -203,7 +203,7 @@ static void __handle_ksmbd_work(struct ksmbd_work *work,
 	do {
 		rc = __process_request(work, conn, &command);
-		if (rc == TCP_HANDLER_ABORT)
+		if (rc == SERVER_HANDLER_ABORT)
 			break;
 		/*

--- a/fs/ksmbd/smb2misc.c
+++ b/fs/ksmbd/smb2misc.c
@@ -423,8 +423,13 @@ int ksmbd_smb2_check_message(struct ksmbd_work *work)
 		return 1;
 	}
-	return work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU ?
+	if ((work->conn->vals->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU) &&
-		smb2_validate_credit_charge(hdr) : 0;
+	    smb2_validate_credit_charge(hdr)) {
+		work->conn->ops->set_rsp_status(work, STATUS_INVALID_PARAMETER);
+		return 1;
+	}
+	return 0;
 }
 int smb2_negotiate_request(struct ksmbd_work *work)