ksmbd: align aux_payload_buf to avoid OOB reads in cryptographic operations

The aux_payload_buf allocation in SMB2 read is performed without ensuring
alignment, which could result in out-of-bounds (OOB) reads during
cryptographic operations such as crypto_xor or ghash. This patch aligns
the allocation of aux_payload_buf to prevent these issues.
(Note that to add this patch to stable would require modifications due
to recent patch "ksmbd: use __GFP_RETRY_MAYFAIL")

Signed-off-by: Norbert Szetei <[email protected]>
Acked-by: Namjae Jeon <[email protected]>
Signed-off-by: Steve French <[email protected]>

diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index 23879555880fcb9ecb7e1506c940118973d39108..4f539eeadbb0debb5db463b3b0b10579b57cfbdf 100644 (file)
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -6680,7 +6680,7 @@ int smb2_read(struct ksmbd_work *work)
        ksmbd_debug(SMB, "filename %pD, offset %lld, len %zu\n",
                    fp->filp, offset, length);
 
-       aux_payload_buf = kvzalloc(length, KSMBD_DEFAULT_GFP);
+       aux_payload_buf = kvzalloc(ALIGN(length, 8), KSMBD_DEFAULT_GFP);
        if (!aux_payload_buf) {
                err = -ENOMEM;
                goto out;