[{"id":3679595,"web_url":"http://patchwork.ozlabs.org/comment/3679595/","msgid":"","list_archive_url":null,"date":"2026-04-20T20:55:46","subject":"Re: [PATCH] smb: client: require a full NFS mode SID before reading\n mode bits","submitter":{"id":510,"url":"http://patchwork.ozlabs.org/api/people/510/","name":"Steve French","email":"smfrench@gmail.com"},"content":"This patch wouldn't apply due to a conflict with \"smb: client:\nvalidate the whole DACL before rewriting it in cifsacl\"\n\nHad to change \"end_of_acl\" to \"end_of_dacl\"\n\nSee attached.\n\nOn Mon, Apr 20, 2026 at 10:14 AM Michael Bommarito\n wrote:\n>\n> parse_dacl() treats an ACE SID matching sid_unix_NFS_mode as an NFS\n> mode SID and reads sid.sub_auth[2] to recover the mode bits.\n>\n> That assumes the ACE carries three subauthorities, but compare_sids()\n> only compares min(a, b) subauthorities. A malicious server can return\n> an ACE with num_subauth = 2 and sub_auth[] = {88, 3}, which still\n> matches sid_unix_NFS_mode and then drives the sub_auth[2] read four\n> bytes past the end of the ACE.\n>\n> Require num_subauth >= 3 before treating the ACE as an NFS mode SID.\n> This keeps the fix local to the special-SID mode path without changing\n> compare_sids() semantics for the rest of cifsacl.\n>\n> Fixes: e2f8fbfb8d09 (\"cifs: get mode bits from special sid on stat\")\n> Cc: stable@vger.kernel.org\n> Assisted-by: Claude:claude-opus-4-6\n> Signed-off-by: Michael Bommarito \n> ---\n> fs/smb/client/cifsacl.c | 1 +\n> 1 file changed, 1 insertion(+)\n>\n> diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c\n> index c920039d733c..a62c8a733779 100644\n> --- a/fs/smb/client/cifsacl.c\n> +++ b/fs/smb/client/cifsacl.c\n> @@ -831,6 +831,7 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl,\n> dump_ace(ppace[i], end_of_acl);\n> #endif\n> if (mode_from_special_sid &&\n> + ppace[i]->sid.num_subauth >= 3 &&\n> (compare_sids(&(ppace[i]->sid),\n> &sid_unix_NFS_mode) == 0)) {\n> /*\n> --\n> 2.53.0\n>\n>","headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","linux-cifs@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=qxmPKIJ6;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-cifs+bounces-10970-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"qxmPKIJ6\"","smtp.subspace.kernel.org;\n arc=pass smtp.client-ip=209.85.219.52","smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fzySh0ZYFz1yHB\n\tfor ; Tue, 21 Apr 2026 06:56:04 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 8E0C0300C5AE\n\tfor ; Mon, 20 Apr 2026 20:56:01 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id D8366388E6A;\n\tMon, 20 Apr 2026 20:56:00 +0000 (UTC)","from mail-qv1-f52.google.com (mail-qv1-f52.google.com\n [209.85.219.52])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 804D53876BF\n\tfor ; Mon, 20 Apr 2026 20:55:59 +0000 (UTC)","by mail-qv1-f52.google.com with SMTP id\n 6a1803df08f44-89f1e767f92so33505046d6.2\n for ;\n Mon, 20 Apr 2026 13:55:59 -0700 (PDT)"],"ARC-Seal":["i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776718560; cv=pass;\n b=YdR/Jnt6fx5vQCgiAeVtRgUo4MPNIxJWbZREJivOVA6PuI0rluVO9Z+/Mn6oBUX+IPyG5yFe1fgj7Wd0bIy5Bt1wXiWqblpKIzWjEMr4qjLE2XbZ5y6kEiJPIT0WAo9Ml/5l13gBFRFro7wybaC3h5Vu9Sqd8UdExvm++GupA1w=","i=1; a=rsa-sha256; t=1776718558; cv=none;\n d=google.com; s=arc-20240605;\n b=BH0NxuIsrc2LOqMlBUtZRI7QnXFhiwEQrwn4l6GZSG55Ee3ddoBWowpuwvYacs8BGi\n iUWR5crmAAduHEUlTTdEODMEJVWunoqhmCa04RxS8OA4mKj+fMMW5CI8aIkdqG+aXXHy\n Zo8vuCfwJFJ38yi+mcH49cvuRWTYFFtmSNYcv2ZgcY7xmXi6+6LJ1+sVhN2NQQmRkn3j\n M1O9dEyJwV3jI5hOALxt8NZWJv1wbCD0X0lh7a775zf0ILL6lK0c4+tMa7Yy8SjLnmcx\n vXkvzFSIXHB+mkcKpRNuHMW/Js9vgOHZGHqT/AKKPT30uO2ec2jtcgCKCqBLoFTjJiUm\n 5oUw=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776718560; c=relaxed/simple;\n\tbh=jQsef1nrrUFXEEwHzi13OXBwDXb3hcJzxauEMF9wkIg=;\n\th=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:\n\t To:Cc:Content-Type;\n b=ANYYAjyuTseY14jOL8LT0ogkPHWhv+MgLuBPNvPJRpvv4NQndpwhK9mHHb3cmrcO4wfkPE/MSZRrVAtxwJbRBoaEoC0QjL8aiwvLCg4jtmywHpsJxnDceidtEwzmRugxByiOnwjBnTMOby3nDBASlxRVwegIzFNhg8iEPIwAYTQ=","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=cc:to:subject:message-id:date:from:in-reply-to:references\n :mime-version:dkim-signature;\n bh=SkOn3Nx+drgx8Ekbv4vlvgPE5Sw0mB11UeBSsIadLQw=;\n fh=2EOeRQaHvv55sTH1VSvVowx0I5XR6p0J0mOkSH4poSw=;\n b=VNiNyLElDAuNNepiaYkhut7slRCcICD3l9vDRHCicGKB4qisBl4l3o6CaamzUnfplE\n nXhi8yudGbdjD+QdVZ19IM9U3vZY7WQkRrkT9Gvufw1nwY4KPaxG2dXGBzRwmJ7pgVtt\n wpCynMvCOenM6bNr27v/o0amgvqnaTAGA1qB8oUTZa1AM8O+oH5+I8hUTwRjbMh20u+5\n rM1TpfzjBM9w6ZxNJPimaek3OygF2DV+y2gjT61LOFy4PIXBA5LzDzEQfgjpLgmbOHKu\n syr6naMHumtY5NmhR6Qi/dojEOY2AcG4Au0lG33scK6kcfjXrzvLMrHERXidwyXAqFD5\n LtGQ==;\n darn=vger.kernel.org"],"ARC-Authentication-Results":["i=2; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=qxmPKIJ6; arc=pass smtp.client-ip=209.85.219.52","i=1; mx.google.com; arc=none"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1776718558; x=1777323358;\n darn=vger.kernel.org;\n h=cc:to:subject:message-id:date:from:in-reply-to:references\n :mime-version:from:to:cc:subject:date:message-id:reply-to;\n bh=SkOn3Nx+drgx8Ekbv4vlvgPE5Sw0mB11UeBSsIadLQw=;\n b=qxmPKIJ6JYZBy/NJIi0KaMiTGEfCokx+4xaKdoBzCxuQjI5FsE20y6wTmtetlIlUv7\n 2xY7LGGkvbOjpfc4onR2fm81BMsKUhqjUcqUdqf+kE5QHFZiwtoAwLrOqAVS8/dXxCwJ\n V4cZp1jEJAGiWBl3xqUNpR3EUPjSwZmsDOMAYTMrV6wMdwERHxCbbltManzHgU7QtDRo\n G5i0t0yZqWEWBneiOiGlhaKFgHeIVnxhH6rtA+1kY/q9FI+AOeP6DcxZYq5NYD0JliEr\n sw1bR/S7hdx7WLNQcnjtrlZ3Qrez9JPetI3jOkXXGn+Gp2TOiYPALKVxCb89i3/Q5fD/\n CLew==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776718558; x=1777323358;\n h=cc:to:subject:message-id:date:from:in-reply-to:references\n :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=SkOn3Nx+drgx8Ekbv4vlvgPE5Sw0mB11UeBSsIadLQw=;\n b=JegGEv+Sy2ecovdDOO5+3nKGihVUZQIpPBkJPa3oQGgu23FL2UgjMdxilt2m8SpkHw\n wJQXud9VVkrRiaaLCJR0m1gC9PRIlGfB62rjjr1Yztk6WqftJVOU9CvnHP5lPdRuG6Ji\n a/fSqd7R/4bXxpDrAANVSixP0mR1O9PmJ45pe1K55Zh0ou4J/Cv8SY8ZrLNorBFLbb6J\n VY1DxRYoeYFoZtsTwCY/4CFeOH2eNH61XD35JlCA7rYZTtNe9/6i2hMMr0uFyJ8DiKN7\n oe6E1r7/VaytRZnJgMA8b6N6OY9grgGV2Mu8yvtX/8XtHs3Zxp5U7FK9JmSVh8C0pz09\n eb3Q==","X-Gm-Message-State":"AOJu0Yy6+pmHSoqbG64ZNPWFgcGXbH5sxJubF/gMbXZ1pSZ9rBMn80RF\n\tn6awbW7PG30kdPt16uBM1rHTvfF2YBajCteE+gWEWr+XDkoWwdb3StAL9G+NNmYM329LFtSjDsR\n\t2ZR1b5O7B5h1SPnsw9uROLifdB6U8E0M=","X-Gm-Gg":"AeBDiesX5FbF3OIJJH8u3f0GNGw2B/iodBwZFiT+BoWcQZ1N4VdVI2UugC+4Kx/PeAB\n\tGp8fg9LiiIaeNeU2cdNVc+p9ZMB66JudRRiUfHcn3D9uzHj3YzmLoAzpBZxeRCLjOO8U8LpdOf4\n\tzrpVKjCod/QJca8iHNheXs3ADpgeuZCcPsS/wYzl0MgDIEFOVCvGAbrTlKJNuvfmnMWJuaR8tts\n\t83pWRkX4VYESUGPOCoL6h44QNF3VcREEorNKpTvZR+0GY5fWyYuXdqVOqAWAsG8cww/zzr7f1wQ\n\ta1Pr1lGyPQL7pjXwo7iNZ8Gyhkaqyf7Wte4FtCsMDjpOexkc26d/M1vjbzFjsxKuVQgb1tlmhR7\n\t/T1aDQLURxaFHCe7WcFygD7xd4x9GBLTIRcf5pquYjbpQnhuCPSux9dNY89EQejwQBc2yWfu3SZ\n\t31Q2OLnNfOd+V7dzHHm1U7rRwPx5/eknU=","X-Received":"by 2002:a05:6214:40b:b0:8ac:ba63:a1b1 with SMTP id\n 6a1803df08f44-8b028176865mr263218276d6.49.1776718558402; Mon, 20 Apr 2026\n 13:55:58 -0700 (PDT)","Precedence":"bulk","X-Mailing-List":"linux-cifs@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","References":"<20260420135058.469990-1-michael.bommarito@gmail.com>","In-Reply-To":"<20260420135058.469990-1-michael.bommarito@gmail.com>","From":"Steve French ","Date":"Mon, 20 Apr 2026 15:55:46 -0500","X-Gm-Features":"AQROBzD8qRbzGNoHBRFQQ-qhVLxIr37bW187p-BIkjgp1HOYAQyTfXz4z952k2Y","Message-ID":"\n ","Subject":"Re: [PATCH] smb: client: require a full NFS mode SID before reading\n mode bits","To":"Michael Bommarito ","Cc":"linux-cifs@vger.kernel.org, Paulo Alcantara ,\n\tsamba-technical@lists.samba.org, linux-kernel@vger.kernel.org,\n\tstable@vger.kernel.org","Content-Type":"multipart/mixed; boundary=\"0000000000008a9ef1064fea863d\""}}]