From: Namjae Jeon Date: Sun, 21 Jun 2026 10:44:40 +0000 (+0900) Subject: ksmbd: reject empty-attribute synchronize-only create X-Git-Tag: v7.2-rc1~23^2~18 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4687da7b28cff019a61d802afac44e2bf92edb98;p=thirdparty%2Flinux.git ksmbd: reject empty-attribute synchronize-only create smb2.create.gentest checks each desired access bit independently and expects an open that requests only SYNCHRONIZE with CreateDisposition OPEN_IF and FileAttributes 0 to fail with STATUS_ACCESS_DENIED. Rejecting all SYNCHRONIZE-only opens is too broad: SYNCHRONIZE does not imply read, write, or delete data access, and smb2.sharemode.sharemode-access expects a SYNCHRONIZE-only open to succeed when it does not conflict with the existing share mode. Limit the rejection to the gentest create shape: SYNCHRONIZE-only access, OPEN_IF disposition, and no file attributes. Other synchronize-only opens are handled by the normal permission and share-mode checks. Signed-off-by: Namjae Jeon Signed-off-by: Steve French --- diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index a3ae37e8b24dc..9a1308f32f455 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -3332,6 +3332,13 @@ int smb2_open(struct ksmbd_work *work) goto err_out2; } + if (req->DesiredAccess == FILE_SYNCHRONIZE_LE && + req->CreateDisposition == FILE_OPEN_IF_LE && + !req->FileAttributes) { + rc = -EACCES; + goto err_out2; + } + if (req->FileAttributes && !(req->FileAttributes & FILE_ATTRIBUTE_MASK_LE)) { pr_err("Invalid file attribute : 0x%x\n", le32_to_cpu(req->FileAttributes));