summaryrefslogtreecommitdiff
path: root/fs/ksmbd/smbacl.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ksmbd/smbacl.c')
-rw-r--r--fs/ksmbd/smbacl.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c
index 3a6c0abdb035..ecf9db3d69c3 100644
--- a/fs/ksmbd/smbacl.c
+++ b/fs/ksmbd/smbacl.c
@@ -396,7 +396,9 @@ static void parse_dacl(struct user_namespace *user_ns,
if (num_aces <= 0)
return;
- if (num_aces > ULONG_MAX / sizeof(struct smb_ace *))
+ if (num_aces > (le16_to_cpu(pdacl->size) - sizeof(struct smb_acl)) /
+ (offsetof(struct smb_ace, sid) +
+ offsetof(struct smb_sid, sub_auth) + sizeof(__le16)))
return;
ret = init_acl_state(&acl_state, num_aces);
@@ -430,6 +432,7 @@ static void parse_dacl(struct user_namespace *user_ns,
offsetof(struct smb_sid, sub_auth);
if (end_of_acl - acl_base < acl_size ||
+ ppace[i]->sid.num_subauth == 0 ||
ppace[i]->sid.num_subauth > SID_MAX_SUB_AUTHORITIES ||
(end_of_acl - acl_base <
acl_size + sizeof(__le32) * ppace[i]->sid.num_subauth) ||
generated by cgit v1.2.3 (git 2.0.4) at 2025-07-14 01:19:41 +0000