diff options
| author | Marios Makassikis <mmakassikis@freebox.fr> | 2021-06-26 22:56:48 +0900 |
|---|---|---|
| committer | Namjae Jeon <namjae.jeon@samsung.com> | 2021-06-29 15:06:23 +0900 |
| commit | a5a25a114ab2412831f063361360eb1192ca6151 (patch) | |
| tree | ca0bae6150b3d6ee2ac86389925086b6fe3302e4 /fs/ksmbd/smb2misc.c | |
| parent | e294f78d34785151cb6d7199ff61d110f9520e65 (diff) | |
| download | lwn-a5a25a114ab2412831f063361360eb1192ca6151.tar.gz lwn-a5a25a114ab2412831f063361360eb1192ca6151.zip | |
ksmbd: Relax credit_charge check in smb2_validate_credit_charge()
smb2_validate_credit_charge() checks the CreditCharge field in the
request is valid with regards to the payload size.
The current implementation rejects requests with CreditCharge = 0 and a
payload < 64K, even though they should be accepted.
Set CreditCharge to a minimum value of 1 to avoid rejecting such
requests. This matches what samba4 does.
Fixes share enumeration for jcifs-ng clients.
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/ksmbd/smb2misc.c')
| -rw-r--r-- | fs/ksmbd/smb2misc.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 730d68032c46..4508631c5706 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -317,14 +317,12 @@ static int smb2_validate_credit_charge(struct smb2_hdr *hdr) return 0; } + credit_charge = max(1, credit_charge); max_len = max(req_len, expect_resp_len); calc_credit_num = DIV_ROUND_UP(max_len, SMB2_MAX_BUFFER_SIZE); - if (!credit_charge && max_len > SMB2_MAX_BUFFER_SIZE) { - pr_err("credit charge is zero and payload size(%d) is bigger than 64K\n", - max_len); - return 1; - } else if (credit_charge < calc_credit_num) { - pr_err("credit charge : %d, calc_credit_num : %d\n", + + if (credit_charge < calc_credit_num) { + pr_err("Insufficient credit charge, given: %d, needed: %d\n", credit_charge, calc_credit_num); return 1; } |