Skip to content

Commit dc3e0f1

Browse files
namjaejeonsmfrench
namjaejeon
authored and
smfrench
committed
ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension
If client send SMB2_CREATE_POSIX_CONTEXT to ksmbd, Allow a filename to contain special characters. Reported-by: Philipp Kerling <pkerling@casix.org> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
1 parent 571781e commit dc3e0f1

File tree

1 file changed

+27
-26
lines changed

1 file changed

+27
-26
lines changed

fs/smb/server/smb2pdu.c

Lines changed: 27 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -2874,7 +2874,7 @@ int smb2_open(struct ksmbd_work *work)
28742874
int req_op_level = 0, open_flags = 0, may_flags = 0, file_info = 0;
28752875
int rc = 0;
28762876
int contxt_cnt = 0, query_disk_id = 0;
2877-
int maximal_access_ctxt = 0, posix_ctxt = 0;
2877+
bool maximal_access_ctxt = false, posix_ctxt = false;
28782878
int s_type = 0;
28792879
int next_off = 0;
28802880
char *name = NULL;
@@ -2903,6 +2903,27 @@ int smb2_open(struct ksmbd_work *work)
29032903
return create_smb2_pipe(work);
29042904
}
29052905

2906+
if (req->CreateContextsOffset && tcon->posix_extensions) {
2907+
context = smb2_find_context_vals(req, SMB2_CREATE_TAG_POSIX, 16);
2908+
if (IS_ERR(context)) {
2909+
rc = PTR_ERR(context);
2910+
goto err_out2;
2911+
} else if (context) {
2912+
struct create_posix *posix = (struct create_posix *)context;
2913+
2914+
if (le16_to_cpu(context->DataOffset) +
2915+
le32_to_cpu(context->DataLength) <
2916+
sizeof(struct create_posix) - 4) {
2917+
rc = -EINVAL;
2918+
goto err_out2;
2919+
}
2920+
ksmbd_debug(SMB, "get posix context\n");
2921+
2922+
posix_mode = le32_to_cpu(posix->Mode);
2923+
posix_ctxt = true;
2924+
}
2925+
}
2926+
29062927
if (req->NameLength) {
29072928
name = smb2_get_name((char *)req + le16_to_cpu(req->NameOffset),
29082929
le16_to_cpu(req->NameLength),
@@ -2925,9 +2946,11 @@ int smb2_open(struct ksmbd_work *work)
29252946
goto err_out2;
29262947
}
29272948

2928-
rc = ksmbd_validate_filename(name);
2929-
if (rc < 0)
2930-
goto err_out2;
2949+
if (posix_ctxt == false) {
2950+
rc = ksmbd_validate_filename(name);
2951+
if (rc < 0)
2952+
goto err_out2;
2953+
}
29312954

29322955
if (ksmbd_share_veto_filename(share, name)) {
29332956
rc = -ENOENT;
@@ -3085,28 +3108,6 @@ int smb2_open(struct ksmbd_work *work)
30853108
rc = -EBADF;
30863109
goto err_out2;
30873110
}
3088-
3089-
if (tcon->posix_extensions) {
3090-
context = smb2_find_context_vals(req,
3091-
SMB2_CREATE_TAG_POSIX, 16);
3092-
if (IS_ERR(context)) {
3093-
rc = PTR_ERR(context);
3094-
goto err_out2;
3095-
} else if (context) {
3096-
struct create_posix *posix =
3097-
(struct create_posix *)context;
3098-
if (le16_to_cpu(context->DataOffset) +
3099-
le32_to_cpu(context->DataLength) <
3100-
sizeof(struct create_posix) - 4) {
3101-
rc = -EINVAL;
3102-
goto err_out2;
3103-
}
3104-
ksmbd_debug(SMB, "get posix context\n");
3105-
3106-
posix_mode = le32_to_cpu(posix->Mode);
3107-
posix_ctxt = 1;
3108-
}
3109-
}
31103111
}
31113112

31123113
if (ksmbd_override_fsids(work)) {

0 commit comments

Comments
 (0)