Commit e9329d3c authored by Namjae Jeon's avatar Namjae Jeon Committed by Cai Xinchen
Browse files

ksmbd: no response from compound read 

mainline inclusion
from mainline-v6.5-rc4
commit e202a1e8
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA5YWA
CVE: CVE-2023-39179

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e202a1e8634b186da38cbbff85382ea2b9e297cf



--------------------------------

ksmbd doesn't support compound read. If client send read-read in
compound to ksmbd, there can be memory leak from read buffer.
Windows and linux clients doesn't send it to server yet. For now,
No response from compound read. compound read will be supported soon.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21587, ZDI-CAN-21588
Signed-off-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
Conflicts:
	fs/smb/server/smb2pdu.c
[smb2_read function is not move to fs/smb/server/smb2pdu.c.]
Signed-off-by: default avatarCai Xinchen <caixinchen1@huawei.com>
parent 50f1377f

fs/ksmbd/smb2pdu.c

+5 −0
Original line number Diff line number Diff line
@@ -6249,6 +6249,11 @@ int smb2_read(struct ksmbd_work *work) 
	int err = 0;



	WORK_BUFFERS(work, req, rsp);

	if (work->next_smb2_rcv_hdr_off) {

		work->send_no_response = 1;

		err = -EOPNOTSUPP;

		goto out;

	}



	if (test_share_config_flag(work->tcon->share_conf,

				   KSMBD_SHARE_FLAG_PIPE)) {