Re: [PATCH] ksmbd: validate the zero field of packet header

From: Tom Talpey
Date: Fri Dec 08 2023 - 10:35:02 EST


On 12/8/2023 9:20 AM, Namjae Jeon wrote:
> 2023-12-08 15:56 GMT+09:00, linan666@xxxxxxxxxxxxxxx <linan666@xxxxxxxxxxxxxxx>:
>> From: Li Nan <linan122@xxxxxxxxxx>
>>
>> The SMB2 Protocol requires that "The first byte of the Direct TCP
>> transport packet header MUST be zero (0x00)"[1]. Commit 1c1bcf2d3ea0
>> ("ksmbd: validate smb request protocol id") removed the validation of
>> this 1-byte zero. Add the validation back now.
>>
>> [1]: [MS-SMB2] - v20230227, page 30.
>> https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-SMB2/%5bMS-SMB2%5d-230227.pdf
>>
>> Fixes: 1c1bcf2d3ea0 ("ksmbd: validate smb request protocol id")
>> Signed-off-by: Li Nan <linan122@xxxxxxxxxx>
> Acked-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
> Applied it to #ksmbd-for-next-next.
> Thanks for your patch!

Technically speaking, the first byte of the 4-byte header is a flag
used for multi-segment continuation/reassembly. But since ksmbd does
not have any code to do such processing, it's best to deny the
message. So...

Acked-by: Tom Talpey <tom@xxxxxxxxxx>
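
The check discussed in this thread, as an added userspace example that is not part of the thread and is not ksmbd's code: it validates the 4-byte Direct TCP transport header (zero byte, then a 3-byte length in network byte order) and then the protocol id. The function, enum and sample names are hypothetical, the frame is assumed to be fully buffered, and only the SMB2 protocol id 0xFE 'S' 'M' 'B' is accepted to keep the sketch short.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this sketch; these are not ksmbd's names. */
enum frame_status { FRAME_OK, FRAME_SHORT, FRAME_NONZERO, FRAME_BAD_LEN, FRAME_BAD_PROTO };

#define HDR_LEN 4                         /* 1 zero byte + 3 length bytes */
static const uint8_t SMB2_PROTO[4] = { 0xFE, 'S', 'M', 'B' };

/* Check one Direct TCP frame in buf[0..len); on success store the payload length. */
enum frame_status check_frame(const uint8_t *buf, size_t len, uint32_t *msg_len)
{
    uint32_t declared;

    if (len < HDR_LEN + sizeof(SMB2_PROTO))
        return FRAME_SHORT;
    /* Byte 0 must be 0x00. A receiver with no reassembly code
     * refuses any other value rather than trying to interpret it. */
    if (buf[0] != 0x00)
        return FRAME_NONZERO;
    /* Bytes 1..3: message length, network byte order (24 bits). */
    declared = ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | buf[3];
    if (declared < sizeof(SMB2_PROTO) || declared > len - HDR_LEN)
        return FRAME_BAD_LEN;
    /* Only after the transport header is sane, look at the protocol id. */
    if (memcmp(buf + HDR_LEN, SMB2_PROTO, sizeof(SMB2_PROTO)) != 0)
        return FRAME_BAD_PROTO;
    *msg_len = declared;
    return FRAME_OK;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t good_frame[]    = { 0x00, 0x00, 0x00, 0x04, 0xFE, 'S', 'M', 'B' };
static const uint8_t nonzero_frame[] = { 0x01, 0x00, 0x00, 0x04, 0xFE, 'S', 'M', 'B' };
static const uint8_t overlong[]      = { 0x00, 0x00, 0x01, 0x00, 0xFE, 'S', 'M', 'B' };

int main(void)
{
    uint32_t n = 0;
    printf("good=%d nonzero=%d overlong=%d\n",
           check_frame(good_frame, sizeof good_frame, &n),
           check_frame(nonzero_frame, sizeof nonzero_frame, &n),
           check_frame(overlong, sizeof overlong, &n));
    return 0;
}
```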