Merge tag '5.20-rc-ksmbd-server-fixes' of git://git.samba.org/ksmbd

[linux-2.6-microblaze.git] / fs / ksmbd / vfs.c

diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c
index 7c84902..78d0103 100644 (file)
--- a/fs/ksmbd/vfs.c
+++ b/fs/ksmbd/vfs.c
@@ -481,12 +481,11 @@ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp,
                    char *buf, size_t count, loff_t *pos, bool sync,
                    ssize_t *written)
 {
-       struct ksmbd_session *sess = work->sess;
        struct file *filp;
        loff_t  offset = *pos;
        int err = 0;
 
-       if (sess->conn->connection_type) {
+       if (work->conn->connection_type) {
                if (!(fp->daccess & FILE_WRITE_DATA_LE)) {
                        pr_err("no right to write(%pd)\n",
                               fp->filp->f_path.dentry);
@@ -1540,6 +1539,11 @@ int ksmbd_vfs_get_sd_xattr(struct ksmbd_conn *conn,
        }
 
        *pntsd = acl.sd_buf;
+       if (acl.sd_size < sizeof(struct smb_ntsd)) {
+               pr_err("sd size is invalid\n");
+               goto out_free;
+       }
+
        (*pntsd)->osidoffset = cpu_to_le32(le32_to_cpu((*pntsd)->osidoffset) -
                                           NDR_NTSD_OFFSETOF);
        (*pntsd)->gsidoffset = cpu_to_le32(le32_to_cpu((*pntsd)->gsidoffset) -