Various SMB1 fixes #491

Closed

mmakassikis

While checking the latest ksmbd patches, I noticed I have some local SMB1 specific changes that I forgot to upstream:

  • ksmbd: smb1: fix out-of-bounds write in smb_read_andx_pipe
  • ksmbd: smb1: add missing hash_del when destroying session
  • ksmbd: smb1: handle unknown NTLM message as an error
  • ksmbd: smb1: add missing ksmbd_update_fstate calls
  • ksmbd: smb1: increment session refcnt

The first two fix memory corruptions. The third is more of a logic error in that the server does not send an error back to the client. The last result in resource leaks.

Marios Makassikis added 5 commits November 29, 2024 11:09

process rpc requests similarly to smb2 code. in particular, do not
assume the default response buffer is large enough to hold the rpc
response.

Signed-off-by: Marios Makassikis <[email protected]>

while here, log whatever message type was received

Signed-off-by: Marios Makassikis <[email protected]>

fixes fd leaks which result in ksmbd not being able to accept
new clients.

Can be reproduced with repeatedly renaming a file on the share.

Signed-off-by: Marios Makassikis <[email protected]>

needed after commit 6f6416f ("ksmbd: fix user-after-free from
session log off"), as the ksmbd_user_session_put() call in server.c
will be called regardless of the protocol version.

Signed-off-by: Marios Makassikis <[email protected]>

@mmakassikis mmakassikis force-pushed the private/marios/smb1_next branch 2 times, most recently from 4e65b20 to e6adc5a Compare November 29, 2024 11:22
@namjaejeon
Owner

Applied them to #next.
Thanks for your work!

@namjaejeon namjaejeon closed this Dec 2, 2024