ksmbd: block asynchronous requests when making a delay on session setup

[ Upstream commit b096d97f47326b1e2dbdef1c91fab69ffda54d17 ] ksmbd make a delay of 5 seconds on session setup to avoid dictionary attacks. But the 5 seconds delay can be bypassed by using asynchronous requests. This patch block all requests on current connection when making a delay on sesstion setup failure. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20482 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Namjae Jeon <linkinjeon@kernel.org> 2023-05-03 02:43:30 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2023-05-17 12:53:56 +0300
commit: 502cf9709036d9305495876fa8c33c8a52541b15 (patch)
tree: b6fe9cec9cbc2a38c34929f21b6646c8a82cca09 /fs/ksmbd
parent: 1fc8a2b14ef5223f8e0b95faba2ee0a6e4d0f99d (diff)
download: linux-502cf9709036d9305495876fa8c33c8a52541b15.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index d3f33194faf1..e7594a56cbfe 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -1862,8 +1862,11 @@ out_err:
 
 			sess->last_active = jiffies;
 			sess->state = SMB2_SESSION_EXPIRED;
-			if (try_delay)
+			if (try_delay) {
+				ksmbd_conn_set_need_reconnect(conn);
 				ssleep(5);
+				ksmbd_conn_set_need_negotiate(conn);
+			}
 		}
 	}
author	Namjae Jeon <linkinjeon@kernel.org>	2023-05-03 02:43:30 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2023-05-17 12:53:56 +0300
commit	502cf9709036d9305495876fa8c33c8a52541b15 (patch)
tree	b6fe9cec9cbc2a38c34929f21b6646c8a82cca09 /fs/ksmbd
parent	1fc8a2b14ef5223f8e0b95faba2ee0a6e4d0f99d (diff)
download	linux-502cf9709036d9305495876fa8c33c8a52541b15.tar.xz