We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 6f0e5a0 commit 87afc11Copy full SHA for 87afc11
smbacl.c
@@ -445,6 +445,9 @@ static void parse_dacl(struct user_namespace *user_ns,
445
return;
446
}
447
448
+ if (le16_to_cpu(pdacl->size) < sizeof(struct smb_acl))
449
+ return;
450
+
451
ksmbd_debug(SMB, "DACL revision %d size %d num aces %d\n",
452
le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size),
453
le32_to_cpu(pdacl->num_aces));
@@ -456,7 +459,7 @@ static void parse_dacl(struct user_namespace *user_ns,
456
459
if (num_aces <= 0)
457
460
458
461
- if (num_aces > ULONG_MAX / sizeof(struct smb_ace *))
462
+ if (num_aces > (le16_to_cpu(pdacl->size) - sizeof(struct smb_acl)) / sizeof(struct smb_ace *))
463
464
465
ret = init_acl_state(&acl_state, num_aces);
0 commit comments