ksmbd: no response from compound read

[ Upstream commit e202a1e8634b186da38cbbff85382ea2b9e297cf ]

ksmbd doesn't support compound read. If client send read-read in
compound to ksmbd, there can be memory leak from read buffer.
Windows and linux clients doesn't send it to server yet. For now,
No response from compound read. compound read will be supported soon.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21587, ZDI-CAN-21588
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index f5506853ac0fa913291f06b03ed2c9953fde3bb1..b763c6ba636fb28fecb777c9cf475b924768747c 100644 (file)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -6245,7 +6245,7 @@ int smb2_read(struct ksmbd_work *work)
        struct ksmbd_conn *conn = work->conn;
        struct smb2_read_req *req;
        struct smb2_read_rsp *rsp, *rsp_org;
-       struct ksmbd_file *fp;
+       struct ksmbd_file *fp = NULL;
        loff_t offset;
        size_t length, mincount;
        ssize_t nbytes = 0, remain_bytes = 0;
@@ -6253,6 +6253,11 @@ int smb2_read(struct ksmbd_work *work)
 
        rsp_org = work->response_buf;
        WORK_BUFFERS(work, req, rsp);
+       if (work->next_smb2_rcv_hdr_off) {
+               work->send_no_response = 1;
+               err = -EOPNOTSUPP;
+               goto out;
+       }
 
        if (test_share_config_flag(work->tcon->share_conf,
                                   KSMBD_SHARE_FLAG_PIPE)) {