diff options
| author | Namjae Jeon <linkinjeon@kernel.org> | 2026-06-21 19:32:18 +0900 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2026-06-22 20:15:05 -0500 |
| commit | a04159d96c27fd4836538ea6e8ff653b65242eac (patch) | |
| tree | d5a19a57f209f2940573d55ca390dc393e817ee6 | |
| parent | 0c054227479ed7e36ebccb3a558bc0ef698264f6 (diff) | |
ksmbd: handle missing create contexts for lease opens
smb2_find_context_vals() assumes that callers only search create
contexts when the SMB2 CREATE request contains a non-empty create context
area. That is not always true. a client can send RequestedOplockLevel set
to SMB2_OPLOCK_LEVEL_LEASE without a lease create context.
In that case parse_lease_state() searches for a lease context and
smb2_find_context_vals() starts parsing from offset 0 with length 0,
returning -EINVAL. This makes the open fail with STATUS_INVALID_PARAMETER.
The smbtorture smb2.lease.duplicate_open test hits this while creating
a second file without a lease request.
Return NULL when the request has no create context area so the missing
context is treated the same as any other absent create context. The open
then continues without granting a lease.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
| -rw-r--r-- | fs/smb/server/oplock.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/smb/server/oplock.c b/fs/smb/server/oplock.c index d936c338f7c7..5424f2a5cf3d 100644 --- a/fs/smb/server/oplock.c +++ b/fs/smb/server/oplock.c @@ -1760,6 +1760,9 @@ struct create_context *smb2_find_context_vals(void *open_req, const char *tag, i * CreateContextsOffset and CreateContextsLength are guaranteed to * be valid because of ksmbd_smb2_check_message(). */ + if (!req->CreateContextsOffset || !req->CreateContextsLength) + return NULL; + cc = (struct create_context *)((char *)req + le32_to_cpu(req->CreateContextsOffset)); remain_len = le32_to_cpu(req->CreateContextsLength); |
