
Apple's smbd Has No FSCTL_SRV_COPYCHUNK Limit Enforcement: 256 Bytes In, 64 GiB Disk I/O Out
Apple's proprietary /usr/sbin/smbd implementation does not enforce the three limits that MS-SMB2 §3.3.5.15.6 requires for FSCTL_SRV_COPYCHUNK. Tests showed it accepts up to 65,535 chunks (vs. the 256-chunk limit), 1,048,577-byte chunks (vs. the 1 MiB limit), and ~17 MiB of total data (vs. the 16 MiB limit), returning STATUS_SUCCESS in each case instead of STATUS_INVALID_PARAMETER. A single 256-byte IOCTL request can trigger 64 GiB of disk I/O due to an unchecked loop. Apple confirmed the issue in April 2026, with a fix planned for Fall 2026.
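The three limit checks described above, written as an added example that is not Apple's code or code from the original report. It parses an SRV_COPYCHUNK_COPY input buffer as laid out in MS-SMB2 and checks only the three limits named here; the function names and the sample buffers are constructed for illustration, and the check of ChunkCount against the bytes actually supplied is an extra hardening assumption.

```python
import struct

# Limits cited above from MS-SMB2 §3.3.5.15.6.
MAX_CHUNKS = 256
MAX_CHUNK_SIZE = 1 << 20        # 1 MiB per chunk
MAX_TOTAL_SIZE = 16 << 20       # 16 MiB per request
STATUS_SUCCESS = 0x00000000
STATUS_INVALID_PARAMETER = 0xC000000D

HEADER = struct.Struct("<24sII")   # SourceKey, ChunkCount, Reserved
CHUNK = struct.Struct("<QQII")     # SourceOffset, TargetOffset, Length, Reserved


def validate_copychunk(buf: bytes) -> int:
    """Return the NTSTATUS a limit-enforcing server gives this input buffer.

    Hypothetical helper: validates before any copy work is scheduled.
    """
    if len(buf) < HEADER.size:
        return STATUS_INVALID_PARAMETER
    _key, count, _reserved = HEADER.unpack_from(buf, 0)
    # Bound the loop by the protocol limit and by the bytes actually present
    # (the second test is an added hardening assumption, not a quoted rule).
    if count > MAX_CHUNKS or len(buf) - HEADER.size < count * CHUNK.size:
        return STATUS_INVALID_PARAMETER
    total = 0
    for i in range(count):
        offset = HEADER.size + i * CHUNK.size
        _src, _dst, length, _res = CHUNK.unpack_from(buf, offset)
        if length > MAX_CHUNK_SIZE:
            return STATUS_INVALID_PARAMETER
        total += length
        if total > MAX_TOTAL_SIZE:
            return STATUS_INVALID_PARAMETER
    return STATUS_SUCCESS


def build_request(lengths, declared_count=None) -> bytes:
    """Build a constructed SRV_COPYCHUNK_COPY buffer (sample data, zero key)."""
    count = len(lengths) if declared_count is None else declared_count
    body = b"".join(CHUNK.pack(i << 20, i << 20, n, 0)
                    for i, n in enumerate(lengths))
    return HEADER.pack(b"\x00" * 24, count, 0) + body
```

Run against the boundary values reported above (257 chunks, a 1,048,577-byte chunk, 17 MiB total), each buffer yields STATUS_INVALID_PARAMETER, while requests exactly at the limits are accepted.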