Ksmbd-review

From SambaWiki
Revision as of 17:03, 20 September 2021 by Sfrench

There are various checks that are especially important for SMB3 servers. They fall into multiple categories:

- packet processing checks, to make sure buffers do not overflow and allow access to data outside the SMB request
- path processing checks, to make sure access to files outside the share is not permitted. These include checks for ".." or "../.." to make sure they do not go outside the share, checks for symlinks in paths, and checks to ensure that a processed path is never "\" or "/" (e.g. outside the share)
- denial of service and resource checks (e.g. ensure that no single client can exhaust the server by opening millions of files, or use so many credits that it can submit thousands of simultaneous requests, starving other clients)

Packet processing checks in ksmbd

| Type of check | Status (submitted, reviewed) | Function(s) including the check (and patch name if not included yet) | Additional work if any |
|---|---|---|---|
| SMB3 header validation | | | |
| StructureSize field check for 19 SMB3 commands | | | |
| Generic check for packet overflow | | | |
| Check for open context overflow | | | |
| Check for negotiate context overflow | | | |

Path processing checks in ksmbd

| Type of check | Status (submitted, reviewed) | Function(s) including the check (and patch name if not included yet) | Additional work if any |
|---|---|---|---|
| checks for .. escaping the share | | | |
| checks for symlinks in path components | | | |
| checks for resolved path never being / or \ (outside the share) | | | |
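
The lexical part of the path processing checks listed above (".." escaping the share, and a path that is only "/" or "\"), as an added example that is not ksmbd code. `path_stays_in_share` is a hypothetical helper, rejecting a leading separator is an assumed policy, and symlinks are not resolved here, so a server still has to check them when it walks the path.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* SMB clients send '\\'; treat '/' as a separator too so neither form slips through. */
static bool is_sep(char c) { return c == '\\' || c == '/'; }

/*
 * Hypothetical helper (not a ksmbd function): lexical check of a
 * share-relative path. Returns true only if no prefix of the path
 * climbs above the share root. Symlinks are NOT resolved here.
 */
bool path_stays_in_share(const char *path, size_t len)
{
    size_t depth = 0; /* components below the share root so far */
    size_t i = 0;
    /* Assumed policy: a leading separator means an absolute path; reject. */
    if (len > 0 && is_sep(path[0]))
        return false;
    while (i < len) {
        size_t start = i;
        while (i < len && !is_sep(path[i]))
            i++;
        size_t n = i - start;
        if (i < len)
            i++; /* step over the separator */
        if (n == 0 || (n == 1 && path[start] == '.'))
            continue; /* empty or "." component: depth unchanged */
        if (n == 2 && path[start] == '.' && path[start + 1] == '.') {
            if (depth == 0)
                return false; /* ".." would leave the share */
            depth--;
        } else {
            depth++;
        }
    }
    return true;
}

int main(void)
{
    /* Constructed sample paths: the first two stay inside, the rest escape. */
    const char *s[] = { "docs\\a.txt", "a\\..\\b", "..\\secret", "a/../../etc", "/" };
    for (size_t k = 0; k < sizeof(s) / sizeof(s[0]); k++)
        printf("%-12s %s\n", s[k], path_stays_in_share(s[k], strlen(s[k])) ? "ok" : "reject");
    return 0;
}
```

Tracking depth per component, rather than searching for the substring "..", is what catches `a/../../etc`, where the first ".." is harmless and the second one escapes.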


Denial of Service checks

| Type of check | Status (submitted, reviewed) | Function(s) including the check (and patch name if not included yet) | Additional work if any |
|---|---|---|---|
| checks for opening too many files | | | |
| checks for allowing too many requests (crediting) | | | |