Merge tag '6.2-rc5-ksmbd-server-fixes' of git://git.samba.org/ksmbd
[sfrench/cifs-2.6.git] / fs / ksmbd / connection.c
index fd0a288af299e37d0630f24d4192d530cae3197d..56be077e5d8ac5009f4e80a61a5519d082ed9c8a 100644 (file)
@@ -280,7 +280,7 @@ int ksmbd_conn_handler_loop(void *p)
 {
        struct ksmbd_conn *conn = (struct ksmbd_conn *)p;
        struct ksmbd_transport *t = conn->transport;
-       unsigned int pdu_size;
+       unsigned int pdu_size, max_allowed_pdu_size;
        char hdr_buf[4] = {0,};
        int size;
 
@@ -305,13 +305,26 @@ int ksmbd_conn_handler_loop(void *p)
                pdu_size = get_rfc1002_len(hdr_buf);
                ksmbd_debug(CONN, "RFC1002 header %u bytes\n", pdu_size);
 
+               if (conn->status == KSMBD_SESS_GOOD)
+                       max_allowed_pdu_size =
+                               SMB3_MAX_MSGSIZE + conn->vals->max_write_size;
+               else
+                       max_allowed_pdu_size = SMB3_MAX_MSGSIZE;
+
+               if (pdu_size > max_allowed_pdu_size) {
+                       pr_err_ratelimited("PDU length(%u) excceed maximum allowed pdu size(%u) on connection(%d)\n",
+                                       pdu_size, max_allowed_pdu_size,
+                                       conn->status);
+                       break;
+               }
+
                /*
                 * Check if pdu size is valid (min : smb header size,
                 * max : 0x00FFFFFF).
                 */
                if (pdu_size < __SMB2_HEADER_STRUCTURE_SIZE ||
                    pdu_size > MAX_STREAM_PROT_LEN) {
-                       continue;
+                       break;
                }
 
                /* 4 for rfc1002 length field */
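Review bot: The `pr_err_ratelimited` message in the new size check labels its third value `connection(%d)` but passes `conn->status`, and "excceed" is misspelled, so the one log line that records an oversized PDU is harder to search for and easy to misread. I would write the format string as `"PDU length(%u) exceeds maximum allowed pdu size(%u) on connection status(%d)\n"`. The older range check below now also ends the connection with `break`, but silently; a `ksmbd_debug(CONN, "invalid PDU length %u\n", pdu_size);` before it would make undersized-length disconnects traceable as well. The comment above that check still gives 0x00FFFFFF as the maximum, which the new per-state limit presumably supersedes, so it should name the new bound. The loop body of ksmbd_conn_handler_loop continues outside the hunk.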