From: Greg Kroah-Hartman
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman, patches@lists.linux.dev, Namjae Jeon, Steve French, Sasha Levin, zdi-disclosures@trendmicro.com
Subject: [PATCH 5.15 010/511] ksmbd: no response from compound read
Date: Sun, 17 Sep 2023 21:07:17 +0200
Message-ID: <20230917191114.081889800@linuxfoundation.org>
In-Reply-To: <20230917191113.831992765@linuxfoundation.org>

5.15-stable review patch. If anyone has any objections, please let me know.

------------------

From: Namjae Jeon

[ Upstream commit e202a1e8634b186da38cbbff85382ea2b9e297cf ]

ksmbd doesn't support compound read. If a client sends read-read in a compound to ksmbd, there can be a memory leak from the read buffer. Windows and Linux clients don't send it to the server yet. For now, no response from compound read. Compound read will be supported soon.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21587, ZDI-CAN-21588
Signed-off-by: Namjae Jeon
Signed-off-by: Steve French
Signed-off-by: Sasha Levin
--- fs/ksmbd/smb2pdu.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index f5506853ac0fa..e0b54cd70f041 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6253,6 +6253,11 @@ int smb2_read(struct ksmbd_work *work) rsp_org = work->response_buf; WORK_BUFFERS(work, req, rsp); + if (work->next_smb2_rcv_hdr_off) { + work->send_no_response = 1; + err = -EOPNOTSUPP; + goto out; + } if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_PIPE)) { -- 2.40.1
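
Review bot: the new `if (work->next_smb2_rcv_hdr_off)` test at the top of smb2_read() carries no comment, so a reader cannot tell from the code that a non-zero offset is being used to mean "this read is part of a compound request", or that dropping it is a temporary measure for the read-buffer leak described in the commit message. A short comment above the check naming the unsupported case would help, and so would a debug message: with `work->send_no_response = 1` the client receives nothing, so the only trace of the rejection is on the server. It is also worth confirming that the `out` label, which lies outside this hunk, copes with being reached this early with `err = -EOPNOTSUPP`, before any of the state the rest of the function normally sets up exists.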