ksmbd: fix

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>

Author: namjaejeon

smbacl.c

@@ -942,11 +942,6 @@ int parse_sec_desc(struct user_namespace *user_ns, struct smb_ntsd *pntsd,
 		    le32_to_cpu(pntsd->gsidoffset),
 		    le32_to_cpu(pntsd->sacloffset), dacloffset);
 
-	if (le32_to_cpu(pntsd->osidoffset) < sizeof(struct smb_ntsd) ||
-	    le32_to_cpu(pntsd->gsidoffset) < sizeof(struct smb_ntsd) ||
-	     dacloffset < sizeof(struct smb_ntsd))
-		return -EINVAL;
-
 	pntsd_type = le16_to_cpu(pntsd->type);
 	if (!(pntsd_type & DACL_PRESENT)) {
 		ksmbd_debug(SMB, "DACL_PRESENT in DACL type is not set\n");
@@ -956,6 +951,9 @@ int parse_sec_desc(struct user_namespace *user_ns, struct smb_ntsd *pntsd,
 	pntsd->type = cpu_to_le16(DACL_PRESENT);
 
 	if (pntsd->osidoffset) {
+		if (le32_to_cpu(pntsd->osidoffset) < sizeof(struct smb_ntsd))
+			return -EINVAL;
+
 		rc = parse_sid(owner_sid_ptr, end_of_acl);
 		if (rc) {
 			pr_err("%s: Error %d parsing Owner SID\n", __func__, rc);
@@ -975,6 +973,9 @@ int parse_sec_desc(struct user_namespace *user_ns, struct smb_ntsd *pntsd,
 	}
 
 	if (pntsd->gsidoffset) {
+		if (le32_to_cpu(pntsd->gsidoffset) < sizeof(struct smb_ntsd))
+			return -EINVAL;
+
 		rc = parse_sid(group_sid_ptr, end_of_acl);
 		if (rc) {
 			pr_err("%s: Error %d mapping Owner SID to gid\n",
@@ -1000,6 +1001,9 @@ int parse_sec_desc(struct user_namespace *user_ns, struct smb_ntsd *pntsd,
 		pntsd->type |= cpu_to_le16(DACL_PROTECTED);
 
 	if (dacloffset) {
+		if (dacloffset < sizeof(struct smb_ntsd))
+			return -EINVAL;
+
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 3, 0)
 		parse_dacl(idmap, dacl_ptr, end_of_acl,
 #else