diff mbox

4.9 backport version of SMB3: Validate negotiate request must always be signed patch

Message ID CAH2r5muwc3pMTSyvw1eMjh++CvhY0yN7ONxgF0Md-1S_F_0Yvw@mail.gmail.com (mailing list archive)
State New, archived
Headers show

Commit Message

Steve French March 12, 2018, 3:05 a.m. UTC
Attached backport version of my "validate negotiate must always be
signed" patch for 4.9 ran into another problem (oops in the signing
code) - so we may be missing more than one patch in the 4.9 backport
(more generally for signing).

Comments

Srivatsa S. Bhat March 12, 2018, 4:05 a.m. UTC | #1
Hi Steve,

On 3/11/18 8:05 PM, Steve French wrote:
> Attached backport version of my "validate negotiate must always be
> signed" patch for 4.9 ran into another problem (oops in the signing
> code) - so we may be missing more than one patch in the 4.9 backport
> (more generally for signing).
> 

This patch looks just like the one I had posted in my very first mail
on that other thread, so I suspect that the oops is also the same as the
one I had reported in that same email: https://lkml.org/lkml/2018/1/3/892

Following that, I had tried backporting other patches to 4.4 and 4.9
based on suggestions from Aurelien, but unfortunately that hadn't worked
out either, as reported here: https://lkml.org/lkml/2018/1/29/1009

Regards,
Srivatsa

> 
> 
> 0001-kernel-v4.9-version-of-SMB3-Validate-negotiate-request-must-always-be-signe.patch
> 
> 
> From 453d6e152e5b63d7dbde6116771e1648757b6a53 Mon Sep 17 00:00:00 2001
> From: Steve French <smfrench@gmail.com>
> Date: Sun, 11 Mar 2018 20:00:27 -0700
> Subject: [PATCH] SMB3: Validate negotiate request must always be signed
> 
> According to MS-SMB2 3.2.55 validate_negotiate request must
> always be signed. Some Windows can fail the request if you send it unsigned
> 
> See kernel bugzilla bug 197311
> 
> [Patch fixed up for kernel version 4.9]
> 
> CC: Stable <stable@vger.kernel.org>
> Acked-by: Ronnie Sahlberg <lsahlber.redhat.com>
> Signed-off-by: Steve French <smfrench@gmail.com>
> ---
>  fs/cifs/smb2pdu.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index 94c4c1901222..4c2eaf05a6a4 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -1712,6 +1712,9 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
>  	} else
>  		iov[0].iov_len = get_rfc1002_length(req) + 4;
>  
> +	/* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
> +	if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)
> +		req->hdr.Flags |= SMB2_FLAGS_SIGNED;
>  
>  	rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0);
>  	rsp = (struct smb2_ioctl_rsp *)iov[0].iov_base;
> -- 2.14.1
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

From 453d6e152e5b63d7dbde6116771e1648757b6a53 Mon Sep 17 00:00:00 2001
From: Steve French <smfrench@gmail.com>
Date: Sun, 11 Mar 2018 20:00:27 -0700
Subject: [PATCH] SMB3: Validate negotiate request must always be signed

According to MS-SMB2 3.2.55 validate_negotiate request must
always be signed. Some Windows can fail the request if you send it unsigned

See kernel bugzilla bug 197311

[Patch fixed up for kernel version 4.9]

CC: Stable <stable@vger.kernel.org>
Acked-by: Ronnie Sahlberg <lsahlber.redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
---
 fs/cifs/smb2pdu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 94c4c1901222..4c2eaf05a6a4 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1712,6 +1712,9 @@  SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
 	} else
 		iov[0].iov_len = get_rfc1002_length(req) + 4;
 
+	/* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
+	if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)
+		req->hdr.Flags |= SMB2_FLAGS_SIGNED;
 
 	rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0);
 	rsp = (struct smb2_ioctl_rsp *)iov[0].iov_base;
-- 
2.14.1