Commit da384789 authored by Enzo Matsumiya's avatar Enzo Matsumiya Committed by Steve French

smb2: small refactor in smb2_check_message()

If the command is SMB2_IOCTL, OutputLength and OutputContext are
optional and can be zero, so return early and skip calculated length
check.

Move the mismatched length message to the end of the check, to avoid
unnecessary logs when the check was not a real miscalculation.

Also change the pr_warn_once() to a pr_warn() so we're sure to get a
log for the real mismatches.
Signed-off-by: default avatarEnzo Matsumiya <ematsumiya@suse.de>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent c6f62f81
...@@ -1039,19 +1039,18 @@ int ...@@ -1039,19 +1039,18 @@ int
cifs_handle_standard(struct TCP_Server_Info *server, struct mid_q_entry *mid) cifs_handle_standard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
{ {
char *buf = server->large_buf ? server->bigbuf : server->smallbuf; char *buf = server->large_buf ? server->bigbuf : server->smallbuf;
int length; int rc;
/* /*
* We know that we received enough to get to the MID as we * We know that we received enough to get to the MID as we
* checked the pdu_length earlier. Now check to see * checked the pdu_length earlier. Now check to see
* if the rest of the header is OK. We borrow the length * if the rest of the header is OK.
* var for the rest of the loop to avoid a new stack var.
* *
* 48 bytes is enough to display the header and a little bit * 48 bytes is enough to display the header and a little bit
* into the payload for debugging purposes. * into the payload for debugging purposes.
*/ */
length = server->ops->check_message(buf, server->total_read, server); rc = server->ops->check_message(buf, server->total_read, server);
if (length != 0) if (rc)
cifs_dump_mem("Bad SMB: ", buf, cifs_dump_mem("Bad SMB: ", buf,
min_t(unsigned int, server->total_read, 48)); min_t(unsigned int, server->total_read, 48));
...@@ -1066,9 +1065,9 @@ cifs_handle_standard(struct TCP_Server_Info *server, struct mid_q_entry *mid) ...@@ -1066,9 +1065,9 @@ cifs_handle_standard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
return -1; return -1;
if (!mid) if (!mid)
return length; return rc;
handle_mid(mid, server, buf, length); handle_mid(mid, server, buf, rc);
return 0; return 0;
} }
......
...@@ -132,15 +132,15 @@ static __u32 get_neg_ctxt_len(struct smb2_hdr *hdr, __u32 len, ...@@ -132,15 +132,15 @@ static __u32 get_neg_ctxt_len(struct smb2_hdr *hdr, __u32 len,
} }
int int
smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr) smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *server)
{ {
struct smb2_hdr *shdr = (struct smb2_hdr *)buf; struct smb2_hdr *shdr = (struct smb2_hdr *)buf;
struct smb2_pdu *pdu = (struct smb2_pdu *)shdr; struct smb2_pdu *pdu = (struct smb2_pdu *)shdr;
__u64 mid;
__u32 clc_len; /* calculated length */
int command;
int pdu_size = sizeof(struct smb2_pdu);
int hdr_size = sizeof(struct smb2_hdr); int hdr_size = sizeof(struct smb2_hdr);
int pdu_size = sizeof(struct smb2_pdu);
int command;
__u32 calc_len; /* calculated length */
__u64 mid;
/* /*
* Add function to do table lookup of StructureSize by command * Add function to do table lookup of StructureSize by command
...@@ -154,7 +154,7 @@ smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr) ...@@ -154,7 +154,7 @@ smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr)
/* decrypt frame now that it is completely read in */ /* decrypt frame now that it is completely read in */
spin_lock(&cifs_tcp_ses_lock); spin_lock(&cifs_tcp_ses_lock);
list_for_each_entry(iter, &srvr->smb_ses_list, smb_ses_list) { list_for_each_entry(iter, &server->smb_ses_list, smb_ses_list) {
if (iter->Suid == le64_to_cpu(thdr->SessionId)) { if (iter->Suid == le64_to_cpu(thdr->SessionId)) {
ses = iter; ses = iter;
break; break;
...@@ -221,30 +221,33 @@ smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr) ...@@ -221,30 +221,33 @@ smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr)
} }
} }
clc_len = smb2_calc_size(buf, srvr); calc_len = smb2_calc_size(buf, server);
/* For SMB2_IOCTL, OutputOffset and OutputLength are optional, so might
* be 0, and not a real miscalculation */
if (command == SMB2_IOCTL_HE && calc_len == 0)
return 0;
if (shdr->Command == SMB2_NEGOTIATE) if (command == SMB2_NEGOTIATE_HE)
clc_len += get_neg_ctxt_len(shdr, len, clc_len); calc_len += get_neg_ctxt_len(shdr, len, calc_len);
if (len != clc_len) { if (len != calc_len) {
cifs_dbg(FYI, "Calculated size %u length %u mismatch mid %llu\n",
clc_len, len, mid);
/* create failed on symlink */ /* create failed on symlink */
if (command == SMB2_CREATE_HE && if (command == SMB2_CREATE_HE &&
shdr->Status == STATUS_STOPPED_ON_SYMLINK) shdr->Status == STATUS_STOPPED_ON_SYMLINK)
return 0; return 0;
/* Windows 7 server returns 24 bytes more */ /* Windows 7 server returns 24 bytes more */
if (clc_len + 24 == len && command == SMB2_OPLOCK_BREAK_HE) if (calc_len + 24 == len && command == SMB2_OPLOCK_BREAK_HE)
return 0; return 0;
/* server can return one byte more due to implied bcc[0] */ /* server can return one byte more due to implied bcc[0] */
if (clc_len == len + 1) if (calc_len == len + 1)
return 0; return 0;
/* /*
* Some windows servers (win2016) will pad also the final * Some windows servers (win2016) will pad also the final
* PDU in a compound to 8 bytes. * PDU in a compound to 8 bytes.
*/ */
if (((clc_len + 7) & ~7) == len) if (((calc_len + 7) & ~7) == len)
return 0; return 0;
/* /*
...@@ -253,12 +256,18 @@ smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr) ...@@ -253,12 +256,18 @@ smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr)
* SMB2/SMB3 frame length (header + smb2 response specific data) * SMB2/SMB3 frame length (header + smb2 response specific data)
* Some windows servers also pad up to 8 bytes when compounding. * Some windows servers also pad up to 8 bytes when compounding.
*/ */
if (clc_len < len) if (calc_len < len)
return 0; return 0;
pr_warn_once( /* Only log a message if len was really miscalculated */
"srv rsp too short, len %d not %d. cmd:%d mid:%llu\n", if (unlikely(cifsFYI))
len, clc_len, command, mid); cifs_dbg(FYI, "Server response too short: calculated "
"length %u doesn't match read length %u (cmd=%d, mid=%llu)\n",
calc_len, len, command, mid);
else
pr_warn("Server response too short: calculated length "
"%u doesn't match read length %u (cmd=%d, mid=%llu)\n",
calc_len, len, command, mid);
return 1; return 1;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment