Re: [GIT PULL] ksmbd server security fixes

From: Linus Torvalds
Date: Mon Sep 20 2021 - 22:06:18 EST


On Sun, Sep 19, 2021 at 7:22 AM Steve French <smfrench@xxxxxxxxx> wrote:
>
> 3 ksmbd fixes: including an important security fix for path
> processing, and a missing buffer overflow check, and a trivial fix for
> incorrect header inclusion
>
> There are three additional patches (and also a patch to improve
> symlink checks) for other buffer overflow cases that are being
> reviewed and tested.

Note that if you are working on a path basis, you should really take a
look at our vfs lookup_flags, and LOOKUP_BENEATH in particular.

The way to deal with '..' and symlinks is not to try to figure it out
yourself. You'll get it wrong, partly because the races with rename
are quite interesting. The VFS layer knows how to limit pathname
lookup to the particular directory you started in these days.

Of course, that is only true for the actual path lookup functions.
Once you start doing things manually one component at a time yourself,
you're on your own.

Linus