Skip to content

Commit

Permalink
ksmbd: remove unsafe_memcpy use in session setup
Browse files Browse the repository at this point in the history 
Kees pointed out to just use directly ->Buffer instead of pointing
->Buffer using offset to avoid unsafe_memcpy use.

Signed-off-by: Namjae Jeon <[email protected]>
  • Loading branch information
@namjaejeon
namjaejeon committed Sep 23, 2024
1 parent 5b98e1d commit fc943fc
Showing 1 changed file with 3 additions and 9 deletions.
12 changes: 3 additions & 9 deletions smb2pdu.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1349,8 +1349,7 @@ static int ntlm_negotiate(struct ksmbd_work *work,
return rc;

sz = le16_to_cpu(rsp->SecurityBufferOffset);
chgblob =
(struct challenge_message *)((char *)&rsp->hdr.ProtocolId + sz);
chgblob = (struct challenge_message *)rsp->Buffer;
memset(chgblob, 0, sizeof(struct challenge_message));

if (!work->conn->use_spnego) {
Expand Down Expand Up @@ -1383,9 +1382,7 @@ static int ntlm_negotiate(struct ksmbd_work *work,
goto out;
}

sz = le16_to_cpu(rsp->SecurityBufferOffset);
unsafe_memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len,
/* alloc is larger than blob, see smb2_allocate_rsp_buf() */);
memcpy(rsp->Buffer, spnego_blob, spnego_blob_len);
rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len);

out:
Expand Down Expand Up @@ -1467,10 +1464,7 @@ static int ntlm_authenticate(struct ksmbd_work *work,
if (rc)
return -ENOMEM;

sz = le16_to_cpu(rsp->SecurityBufferOffset);
unsafe_memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob,
spnego_blob_len,
/* alloc is larger than blob, see smb2_allocate_rsp_buf() */);
memcpy(rsp->Buffer, spnego_blob, spnego_blob_len);
rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len);
kfree(spnego_blob);
}
Expand Down

0 comments on commit fc943fc

Please sign in to comment.