From 87afc113e15bfb2df8a0d655e7d21478af4a54e2 Mon Sep 17 00:00:00 2001
From: Namjae Jeon <linkinjeon@kernel.org>
Date: Sun, 9 Feb 2025 11:14:25 +0900
Subject: [PATCH] ksmbd: test

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
---
 smbacl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/smbacl.c b/smbacl.c
index 943b6f248..579e57ede 100644
--- a/smbacl.c
+++ b/smbacl.c
@@ -445,6 +445,9 @@ static void parse_dacl(struct user_namespace *user_ns,
 		return;
 	}
 
+	if (le16_to_cpu(pdacl->size) < sizeof(struct smb_acl))
+		return;
+
 	ksmbd_debug(SMB, "DACL revision %d size %d num aces %d\n",
 		    le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size),
 		    le32_to_cpu(pdacl->num_aces));
@@ -456,7 +459,7 @@ static void parse_dacl(struct user_namespace *user_ns,
 	if (num_aces <= 0)
 		return;
 
-	if (num_aces > ULONG_MAX / sizeof(struct smb_ace *))
+	if (num_aces > (le16_to_cpu(pdacl->size) - sizeof(struct smb_acl)) / sizeof(struct smb_ace *))
 		return;
 
 	ret = init_acl_state(&acl_state, num_aces);