I spent the time exercising some new fuzzing tools on the ksmbd and smb
code purely because it's something that is simple to set up and test
locally with virtual machines, and in doing so, potentially found some
minor problems for when you have an "untrusted" client.

Here's some fixes for what I happened to notice.  They pass my very
limited testing here, but please don't trust them at all and verify that
I'm not just making this all up before accepting them.

thanks!

greg k-h

Greg Kroah-Hartman (3):
  ksmbd: validate EaNameLength in smb2_get_ea()
  ksmbd: require 3 sub-authorities before reading sub_auth[2]
  ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc

 fs/smb/server/connection.c | 1 +
 fs/smb/server/smb2pdu.c    | 7 ++++++-
 fs/smb/server/smbacl.c     | 3 ++-
 3 files changed, 9 insertions(+), 2 deletions(-)

-- 
2.53.0

On Mon, Apr 6, 2026 at 10:47 PM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> I spent the time exercising some new fuzzing tools on the ksmbd and smb
> code purely because it's something that is simple to set up and test
> locally with virtual machines, and in doing so, potentially found some
> minor problems for when you have an "untrusted" client.
>
> Here's some fixes for what I happened to notice.  They pass my very
> limited testing here, but please don't trust them at all and verify that
> I'm not just making this all up before accepting them.
>
> thanks!
>
> greg k-h
>
> Greg Kroah-Hartman (3):
>   ksmbd: validate EaNameLength in smb2_get_ea()
>   ksmbd: require 3 sub-authorities before reading sub_auth[2]
>   ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
Applied them to #ksmbd-for-next-next.
Thanks for the patches!