author | Namjae Jeon <linkinjeon@kernel.org> | 2023-07-23 08:22:33 +0200 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2023-07-23 17:25:11 +0200 |
commit | e202a1e8634b186da38cbbff85382ea2b9e297cf (patch) | |
tree | 812f0ebf055a2f4c27b2a3c0e2a9cab4c10345df /fs | |
parent | ksmbd: validate session id and tree id in compound request (diff) | |
ksmbd: no response from compound read
ksmbd doesn't support compound read. If a client sends read-read in
compound to ksmbd, there can be a memory leak from the read buffer.
Windows and Linux clients don't send it to the server yet. For now,
no response from compound read. Compound read will be supported soon.
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21587, ZDI-CAN-21588
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/smb/server/smb2pdu.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index efe00beafd15..9849d7489345 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -6214,6 +6214,11 @@ int smb2_read(struct ksmbd_work *work) unsigned int max_read_size = conn->vals->max_read_size; WORK_BUFFERS(work, req, rsp); + if (work->next_smb2_rcv_hdr_off) { + work->send_no_response = 1; + err = -EOPNOTSUPP; + goto out; + } if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_PIPE)) { |
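Review bot: the new if (work->next_smb2_rcv_hdr_off) block at the top of smb2_read() carries no comment explaining why a read inside a compound is dropped without a reply. A short comment (compound read is unsupported, the response is suppressed to avoid leaking the read buffer) would keep a later reader from treating work->send_no_response = 1 as a mistake. Two things to confirm before merging: the test only fires on a nonzero offset, so check that it also catches a read that is the first request of a read-read chain, where the offset may still be zero; and the out: label is outside this hunk, so verify that path does not build an error response from err = -EOPNOTSUPP or release anything that is only set up after this point in the function. A blank line after the closing brace, before the test_share_config_flag() check, would also match the surrounding layout.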