smb2: fix timeout/busyloop with some SMBv1 servers
Question: What timeout value should we use to detect that a server is responding?
Merge request reports
Activity
changed milestone to %4.0
added MRStatus::Reviewable label
added MRStatus::InReview label and removed MRStatus::Reviewable label
added 8 commits
- d56dab09 - access: cache: don't call free_cb from entry_Delete
- 7e45dbf4 - smb2: don't use sys->error_status while opening
- e2ee8583 - smb2: rework error handling
- 51651ed8 - smb2: destroy the context in case of error
- 0fa55fb9 - smb2: remove teardown handling
- 25b986cb - smb2: always use smb2 timeout
- a346805b - smb2: timeout on first connection
- d67f34bb - access: cache: interrupt when the cache is destroyed
Toggle commit listmentioned in merge request !1606 (closed)
345 346 346 347 struct vlc_smb2_op op = VLC_SMB2_OP(access, sys->smb2); 347 348 348 if (smb2_lseek(op.smb2, sys->smb2fh, i_pos, SEEK_SET, NULL) < 0) 349 int err = smb2_lseek(op.smb2, sys->smb2fh, i_pos, SEEK_SET, NULL); 350 if (err < 0) 349 351 { 350 VLC_SMB2_SET_ERROR(&op, "smb2_seek_async", 1); 351 sys->error_status = op.error_status; 352 VLC_SMB2_SET_ERROR(&op, "smb2_seek_async", err); 352 353 return VLC_EGENERIC; 198 /* vlc_smb2_mainloop() can be called to clean-up after an error, but this 199 * function can override the error_status (from async cbs). Therefore, 200 * store the original error_status in order to restore it at the end of 201 * this call (since we want to keep the first and original error status). */ 202 int original_error_status = op->error_status; 203 204 if (teardown) 205 { 206 /* Don't use vlc_poll_i11e that will return immediately with the EINTR 207 * errno if VLC's input is interrupted. Use the posix poll with a 208 * timeout to let a chance for a clean teardown. */ 209 timeout = TEARDOWN_TIMEOUT; 210 poll_func = (void *)poll; 211 op->error_status = 0; 212 } 201 #define FIRST_CONNECT_TIMEOUT 250 /* in ms */ I could increase to 2 seconds, but in the worst case scenario, the user will always have to wait 2 seconds when parsing or player a file, unless !1399 (closed) is merged. In that case, the extra wait happen only once (per vlc instance).
For the record, the samba project use a delay of 2seconds before trying the SMBv1 port but they don't kill the SMBv2 connection attempt like we must do (because smb2 and dsm are different modules).
I already made a mistake in the past, half breaking SMBv1 for android users, we got ton of complaints. People are not ready to get rid of this shitty and dangerous protocol (but I'm personal).
-
Uh FWIW Samba disabled SMB1 2.5 years ago. But my point is not that SMB1 should or shouldn't be dropped.
My point is that you can't downgrade because that's a security vulnerability, and in this particular case, an actively exploited one. In other words you MUST NOT use SMB1 with a server that supports SMB2, even if the server accepts SMB1-only clients.
mentioned in merge request !1622 (merged)
Depends on !1622 (merged)
added 76 commits
-
a346805b...c8570567 - 69 commits from branch
videolan:master - e126c4d5 - access: cache: don't call free_cb from entry_Delete
- e6bda87f - smb2: don't use sys->error_status while opening
- fe28dbcc - smb2: rework error handling
- 606f7c09 - smb2: destroy the context in case of error
- 05d68967 - smb2: remove teardown handling
- bd4e92f9 - smb2: always use smb2 timeout
- 4a4e42fc - smb2: timeout on first connection
Toggle commit list-
a346805b...c8570567 - 69 commits from branch
added MRStatus::NotCompliant label and removed MRStatus::InReview label
mentioned in issue #26825 (closed)
