Commit 5efb579e authored Apr 22, 2026 by Marios Makassikis Committed by Steve French Apr 22, 2026

smb: server: stop sending fake security descriptors



in smb2_get_info_sec, a dummy security descriptor (SD) is returned if
the requested information is not supported.

the code is currently wrong, as DACL_PROTECTED is set in the type field,
but there is no DACL is present.

instead of faking a security, report a STATUS_NOT_SUPPORTED error.

this seems to fix a "Error 0x80090006: Invalid Signature" on file
transfers with Windows 11 clients (25H2, build 26200.8246).

capturing traffic shows that the client is sending a GET_INFO/SEC_INFO
request, with the additional_info field set to 0x20
(ATTRIBUTE_SECURITY_INFORMATION). Returning an empty SD
(with only SELF_RELATIVE set) does not fix the error.

Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

parent b0da97c0

fs/smb/server/smb2pdu.c

+2 −15

Original line number	Diff line number	Diff line
		@@ -5746,20 +5746,8 @@ static int smb2_get_info_sec(struct ksmbd_work *work,
		ksmbd_debug(SMB, "Unsupported addition info: 0x%x)\n",
		addition_info);

		pntsd = kzalloc(ALIGN(sizeof(struct smb_ntsd), 8),
		KSMBD_DEFAULT_GFP);
		if (!pntsd)
		return -ENOMEM;

		pntsd->revision = cpu_to_le16(1);
		pntsd->type = cpu_to_le16(SELF_RELATIVE \| DACL_PROTECTED);
		pntsd->osidoffset = 0;
		pntsd->gsidoffset = 0;
		pntsd->sacloffset = 0;
		pntsd->dacloffset = 0;

		secdesclen = sizeof(struct smb_ntsd);
		goto iov_pin;
		rsp->hdr.Status = STATUS_NOT_SUPPORTED;
		return -EINVAL;
		}

		if (work->next_smb2_rcv_hdr_off) {
		@@ -5826,7 +5814,6 @@ static int smb2_get_info_sec(struct ksmbd_work *work,
		if (rc)
		goto err_out;

		iov_pin:
		rsp->OutputBufferLength = cpu_to_le32(secdesclen);
		rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength),
		rsp, work->response_buf);