From e9329d3c43bfba6af506107b11bec98ae0465701 Mon Sep 17 00:00:00 2001
From: Namjae Jeon
Date: Mon, 17 Jun 2024 06:40:30 +0000
Subject: [PATCH] ksmbd: no response from compound read

mainline inclusion
from mainline-v6.5-rc4
commit e202a1e8634b186da38cbbff85382ea2b9e297cf
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA5YWA
CVE: CVE-2023-39179

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e202a1e8634b186da38cbbff85382ea2b9e297cf

--------------------------------

ksmbd doesn't support compound read. If a client sends read-read in
compound to ksmbd, there can be a memory leak from the read buffer.
Windows and Linux clients don't send it to the server yet. For now,
no response from compound read. Compound read will be supported soon.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21587, ZDI-CAN-21588
Signed-off-by: Namjae Jeon
Signed-off-by: Steve French

Conflicts:
	fs/smb/server/smb2pdu.c
[smb2_read function is not moved to fs/smb/server/smb2pdu.c.]
Signed-off-by: Cai Xinchen
---
 fs/ksmbd/smb2pdu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 4df7108a886f..215ea7f83d09 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -6249,6 +6249,11 @@ int smb2_read(struct ksmbd_work *work) int err = 0; WORK_BUFFERS(work, req, rsp); + if (work->next_smb2_rcv_hdr_off) { + work->send_no_response = 1; + err = -EOPNOTSUPP; + goto out; + } if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_PIPE)) { -- Gitee
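Review bot: The new early exit at the top of smb2_read() drops the request silently, with neither a comment nor a log line: `work->send_no_response = 1` means, as the commit message says, that no response is sent, so the `-EOPNOTSUPP` stored in `err` is never seen by the client and a dropped compound read leaves no trace for whoever operates the server. A short comment above `if (work->next_smb2_rcv_hdr_off) {` stating that compound read is unsupported for now, plus a debug-level message before `goto out;`, would make the behaviour traceable and give a clear marker for removing the check once compound read is implemented. The `out` label lies outside this hunk; because the jump is taken before the rest of the function has run, it is worth confirming that the code at `out` does not depend on state that is only initialised later in smb2_read().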