git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Steve French <stfrench@microsoft.com>
	Mon, 17 Feb 2025 04:17:54 +0000 (22:17 -0600)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 13 Mar 2025 12:01:40 +0000 (13:01 +0100)
commit	f2e8f906f9ed5529283f8c139859efc7bff4f2ef
tree	981f8004d801fefb0142fabeadfc8a7210db5090	tree
parent	c011482fb5fa867350aaad506d1455b34c1c2e42	commit \| diff

smb311: failure to open files of length 1040 when mounting with SMB3.1.1 POSIX extensions

[ Upstream commit 9df23801c83d3e12b4c09be39d37d2be385e52f9 ]

If a file size has bits 0x410 = ATTR_DIRECTORY | ATTR_REPARSE set
then during queryinfo (stat) the file is regarded as a directory
and subsequent opens can fail. A simple test example is trying
to open any file 1040 bytes long when mounting with "posix"
(SMB3.1.1 POSIX/Linux Extensions).

The cause of this bug is that Attributes field in smb2_file_all_info
struct occupies the same place that EndOfFile field in
smb311_posix_qinfo, and sometimes the latter struct is incorrectly
processed as if it was the first one.

Reported-by: Oleh Nykyforchyn <oleh.nyk@gmail.com>
Tested-by: Oleh Nykyforchyn <oleh.nyk@gmail.com>
Acked-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

fs/smb/client/cifsglob.h		diff \| blob \| blame \| history
fs/smb/client/reparse.h		diff \| blob \| blame \| history
fs/smb/client/smb2inode.c		diff \| blob \| blame \| history
fs/smb/client/smb2ops.c		diff \| blob \| blame \| history