ksmbd: reject empty-attribute synchronize-only create
authorNamjae Jeon <linkinjeon@kernel.org>
Sun, 21 Jun 2026 10:44:40 +0000 (19:44 +0900)
committerSteve French <stfrench@microsoft.com>
Tue, 23 Jun 2026 01:15:05 +0000 (20:15 -0500)
smb2.create.gentest checks each desired access bit independently and
expects an open that requests only SYNCHRONIZE with CreateDisposition
OPEN_IF and FileAttributes 0 to fail with STATUS_ACCESS_DENIED.

Rejecting all SYNCHRONIZE-only opens is too broad: SYNCHRONIZE does not
imply read, write, or delete data access, and
smb2.sharemode.sharemode-access expects a SYNCHRONIZE-only open to succeed
when it does not conflict with the existing share mode.

Limit the rejection to the gentest create shape: SYNCHRONIZE-only access,
OPEN_IF disposition, and no file attributes. Other synchronize-only opens
are handled by the normal permission and share-mode checks.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/server/smb2pdu.c

index a3ae37e8b24dce43e258318c58b5fae7ff79331e..9a1308f32f455c94147a362b11d421a1fe728c7b 100644 (file)
@@ -3332,6 +3332,13 @@ int smb2_open(struct ksmbd_work *work)
                goto err_out2;
        }
 
+       if (req->DesiredAccess == FILE_SYNCHRONIZE_LE &&
+           req->CreateDisposition == FILE_OPEN_IF_LE &&
+           !req->FileAttributes) {
+               rc = -EACCES;
+               goto err_out2;
+       }
+
        if (req->FileAttributes && !(req->FileAttributes & FILE_ATTRIBUTE_MASK_LE)) {
                pr_err("Invalid file attribute : 0x%x\n",
                       le32_to_cpu(req->FileAttributes));
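Review bot: The new test starting at `if (req->DesiredAccess == FILE_SYNCHRONIZE_LE &&` is an access-control decision keyed to one exact request shape, yet it has no comment. A later reader cannot tell from the code why OPEN_IF with zero attributes is denied while the same access mask with any other disposition or attribute value falls through to the normal permission and share-mode checks. I would put the rationale from the commit message above it, e.g. `/* SYNCHRONIZE-only + OPEN_IF + no attributes is denied (smb2.create.gentest); other SYNCHRONIZE-only opens use the normal permission and share-mode checks */`, so the exact-equality match is not later broadened or dropped by accident. Unlike the attribute check just below, which calls `pr_err`, this branch denies silently; a rate-safe `ksmbd_debug(SMB, "synchronize-only OPEN_IF create without attributes denied\n");` before `rc = -EACCES;` would make the refusal traceable when debugging client failures. smb2_open continues outside the hunk, so how `-EACCES` is translated at `err_out2` into the status the test expects is not visible here and is worth confirming.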