Commit b16b27c8 authored by Namjae Jeon's avatar Namjae Jeon Committed by Cai Xinchen
Browse files

ksmbd: no response from compound read

mainline inclusion
from mainline-v6.5-rc4
commit e202a1e8
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA5YWA
CVE: CVE-2023-39179

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e202a1e8634b186da38cbbff85382ea2b9e297cf



--------------------------------

ksmbd doesn't support compound read. If client send read-read in
compound to ksmbd, there can be memory leak from read buffer.
Windows and linux clients doesn't send it to server yet. For now,
No response from compound read. compound read will be supported soon.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21587, ZDI-CAN-21588
Signed-off-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
Conflicts:
	fs/smb/server/smb2pdu.c
[smb2_read function is not move to fs/smb/server/smb2pdu.c.]
Signed-off-by: default avatarCai Xinchen <caixinchen1@huawei.com>
parent 5d5e3280
Loading
Loading
Loading
Loading
+5 −0
Original line number Diff line number Diff line
@@ -6249,6 +6249,11 @@ int smb2_read(struct ksmbd_work *work)
	int err = 0;

	WORK_BUFFERS(work, req, rsp);
	if (work->next_smb2_rcv_hdr_off) {
		work->send_no_response = 1;
		err = -EOPNOTSUPP;
		goto out;
	}

	if (test_share_config_flag(work->tcon->share_conf,
				   KSMBD_SHARE_FLAG_PIPE)) {