From: Marios Makassikis Date: Wed, 22 Apr 2026 01:14:50 +0000 (+0900) Subject: smb: server: stop sending fake security descriptors X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5efb579e0d1ee02b85e3ce2da691c88c93111060;p=thirdparty%2Fkernel%2Fstable.git smb: server: stop sending fake security descriptors in smb2_get_info_sec, a dummy security descriptor (SD) is returned if the requested information is not supported. the code is currently wrong, as DACL_PROTECTED is set in the type field, but there is no DACL is present. instead of faking a security, report a STATUS_NOT_SUPPORTED error. this seems to fix a "Error 0x80090006: Invalid Signature" on file transfers with Windows 11 clients (25H2, build 26200.8246). capturing traffic shows that the client is sending a GET_INFO/SEC_INFO request, with the additional_info field set to 0x20 (ATTRIBUTE_SECURITY_INFORMATION). Returning an empty SD (with only SELF_RELATIVE set) does not fix the error. Signed-off-by: Marios Makassikis Acked-by: Namjae Jeon Signed-off-by: Steve French --- diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 939089304052..21825a69c29a 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -5746,20 +5746,8 @@ static int smb2_get_info_sec(struct ksmbd_work *work, ksmbd_debug(SMB, "Unsupported addition info: 0x%x)\n", addition_info); - pntsd = kzalloc(ALIGN(sizeof(struct smb_ntsd), 8), - KSMBD_DEFAULT_GFP); - if (!pntsd) - return -ENOMEM; - - pntsd->revision = cpu_to_le16(1); - pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PROTECTED); - pntsd->osidoffset = 0; - pntsd->gsidoffset = 0; - pntsd->sacloffset = 0; - pntsd->dacloffset = 0; - - secdesclen = sizeof(struct smb_ntsd); - goto iov_pin; + rsp->hdr.Status = STATUS_NOT_SUPPORTED; + return -EINVAL; } if (work->next_smb2_rcv_hdr_off) { @@ -5826,7 +5814,6 @@ release_acl: if (rc) goto err_out; -iov_pin: rsp->OutputBufferLength = cpu_to_le32(secdesclen); rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength), rsp, work->response_buf);