ksmbd: the buffer of smb2 query dir response has at least 1 byte
When STATUS_NO_MORE_FILES status is set to smb2 query dir response,
->StructureSize is set to 9, which means buffer has 1 byte.
This issue occurs because ->Buffer[1] in smb2_query_directory_rsp was changed
to a flex-array.

Fixes: eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays")
Cc: [email protected] # v6.1+
Signed-off-by: Namjae Jeon <[email protected]>
namjaejeon committed Aug 20, 2024
1 parent fc0314d commit 8558705
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion smb2pdu.c
Expand Up @@ -4651,7 +4651,8 @@ int smb2_query_dir(struct ksmbd_work *work)
rsp->OutputBufferLength = cpu_to_le32(0);
rsp->Buffer[0] = 0;
rc = ksmbd_iov_pin_rsp(work, (void *)rsp,
sizeof(struct smb2_query_directory_rsp));
offsetof(struct smb2_query_directory_rsp, Buffer)
+ 1);
if (rc)
goto err_out;
} else {
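Review bot: the `+ 1` in the new length argument to ksmbd_iov_pin_rsp() is a bare constant with no comment at the call site, so its tie to the wire format lives only in the commit message. A short comment above the call, saying that StructureSize 9 counts one byte of Buffer even when OutputBufferLength is 0 (the byte written by `rsp->Buffer[0] = 0;`), would keep a later cleanup from turning this back into sizeof(). It is also worth checking whether other responses in smb2pdu.c whose 1-element arrays became flex-arrays in eb3e28c1e89b still pass sizeof() of the struct as the pinned length.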