GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/1.2/patches/2234484/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2234484,
    "url": "http://patchwork.ozlabs.org/api/1.2/patches/2234484/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260507-kerbmi-v3-2-397ebbb53eff@microsoft.com/",
    "project": {
        "id": 12,
        "url": "http://patchwork.ozlabs.org/api/1.2/projects/12/?format=api",
        "name": "Linux CIFS Client",
        "link_name": "linux-cifs-client",
        "list_id": "linux-cifs.vger.kernel.org",
        "list_email": "linux-cifs@vger.kernel.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260507-kerbmi-v3-2-397ebbb53eff@microsoft.com>",
    "list_archive_url": null,
    "date": "2026-05-07T16:52:14",
    "name": "[v3,2/2] smb: client: Zero-pad short GSS session keys per MS-SMB2",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "a36825cdbc0705dd5a16e8a3591664d3bf04133b",
    "submitter": {
        "id": 92318,
        "url": "http://patchwork.ozlabs.org/api/1.2/people/92318/?format=api",
        "name": "Piyush Sachdeva",
        "email": "s.piyush1024@gmail.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260507-kerbmi-v3-2-397ebbb53eff@microsoft.com/mbox/",
    "series": [
        {
            "id": 503227,
            "url": "http://patchwork.ozlabs.org/api/1.2/series/503227/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/linux-cifs-client/list/?series=503227",
            "date": "2026-05-07T16:52:12",
            "name": "smb: client: Spec-compliance fixes for Kerberos key derivation",
            "version": 3,
            "mbox": "http://patchwork.ozlabs.org/series/503227/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2234484/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2234484/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "\n <linux-cifs+bounces-11420-incoming=patchwork.ozlabs.org@vger.kernel.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "linux-cifs@vger.kernel.org"
        ],
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=hLOKaJ2P;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=linux-cifs+bounces-11420-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)",
            "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"hLOKaJ2P\"",
            "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.85.214.171",
            "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com",
            "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com"
        ],
        "Received": [
            "from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gBJNM11gBz1yCg\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 08 May 2026 02:58:11 +1000 (AEST)",
            "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id EEB9330AA183\n\tfor <incoming@patchwork.ozlabs.org>; Thu,  7 May 2026 16:52:52 +0000 (UTC)",
            "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id A5BA1451071;\n\tThu,  7 May 2026 16:52:31 +0000 (UTC)",
            "from mail-pl1-f171.google.com (mail-pl1-f171.google.com\n [209.85.214.171])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id EDB9445107D\n\tfor <linux-cifs@vger.kernel.org>; Thu,  7 May 2026 16:52:29 +0000 (UTC)",
            "by mail-pl1-f171.google.com with SMTP id\n d9443c01a7336-2b9ea536877so8108735ad.1\n        for <linux-cifs@vger.kernel.org>;\n Thu, 07 May 2026 09:52:29 -0700 (PDT)",
            "from localhost ([49.207.150.30])\n        by smtp.gmail.com with ESMTPSA id\n d9443c01a7336-2bae783dc50sm2551575ad.43.2026.05.07.09.52.28\n        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n        Thu, 07 May 2026 09:52:28 -0700 (PDT)"
        ],
        "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1778172751; cv=none;\n b=MJa31x/g8VxxfVU9e+o6xF5PH+51BQr67z34CwkWvarD2cKmZjoFBoSlDmyKRXTyiFmoyedN7+UlUzIcsP5sNCtlePuATqDXBdWoEdm9UZH4gVHBVFF94OUncd9QXsZdQh/8Xs3c+nCA9L8yuLYDFLaWoaZyUNMRt/PKlVKNNF4=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1778172751; c=relaxed/simple;\n\tbh=aHoBqTbdr56DO71Zlzzaandq5SHQ8sCJYyYln2KmSW0=;\n\th=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:\n\t In-Reply-To:To:Cc;\n b=kBza/eFvWzCHmzRas/uuNOsTqyCR6JMBM/515hwuTfVu6BtZ3PVvVGKu6I2b6jPmmZ+HMRrFw+uicL2GNrttrpNZ0KlTSS7vfP60oVdeIvpCgw3VFRyID21vMSGQpFDMUjfPvOgkT4AHdSx8UFQRIZ+HjK7Ff33JGEtntqyCyas=",
        "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=hLOKaJ2P; arc=none smtp.client-ip=209.85.214.171",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=gmail.com; s=20251104; t=1778172749; x=1778777549;\n darn=vger.kernel.org;\n        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n         :mime-version:subject:date:from:from:to:cc:subject:date:message-id\n         :reply-to;\n        bh=yv2fHWPI4GY7ycdmc2I4lTP92YQsllQ8O6sfU4iOItg=;\n        b=hLOKaJ2PpTO1yTKqpMknJRZzPhXHNq7xaXp8V5BnrxFTCvd0QcDK0DZAgm9VzK5bTT\n         Bux/AzMC2D7MJSLwhzTFDYnZc/PcFfAPrt8RjuB79Xlff9UFigczDKCeflfeCkGTz2G7\n         HABg0Kz931SdXv4whao41c0gDBwe/KKq6Y93up4S8hhGD6St0cVinpDlhAcwwesiCqFs\n         Z31FaqJ6koWowukjj/sUlfYD1qGPef56yjJbpvWTC/ZDLJf7Or6GBkk1inCS5dXXNvHH\n         TEnPVgXz9V6ixzjwa7SYJTbCt+ZIiVAH4LzRzP2VOMF76lXLsF0xCUxlnpIInpu0Rg1C\n         y0zA==",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=1e100.net; s=20251104; t=1778172749; x=1778777549;\n        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n         :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to\n         :cc:subject:date:message-id:reply-to;\n        bh=yv2fHWPI4GY7ycdmc2I4lTP92YQsllQ8O6sfU4iOItg=;\n        b=egeyOouhCSAlAosQ1ENvkbkhFbfgvqh14rJJ20lOvLQciLMUm0+/EwbPMoR3L2tn3f\n         iu0GI+pHSn0ecqHl6Co/2KMH6H28EibsK7DTXLhCL3rkg7kOsoEnT9TaZFk7aRCero5j\n         lDn848QdVlxBjJqEwUi/NkqydO8Jpc2TvtP8a/qd7nJyaSdsT5Jt3wPbSlLr4Q930vAF\n         0KURvOLQU/5sekmtcGEElzg+PX0E9rgpXhNpkPlQWUwJDLdoNsi7GlK0ElZE29uVVIHc\n         oyv9W8IGNbVQtWj0g9Q5fu2+9EYsonin0hjXAPcaw9xs39UjHGIHkGJaRIXmu7HFTH4t\n         Ac8A==",
        "X-Forwarded-Encrypted": "i=1;\n AFNElJ8ZExb3cs20TTOZAJG9+3zbNIRl7Bn4qN9Nhoqmowy3GkzLMivkJqFdCFO1CQ2DO8/9FstgVEGeujU4@vger.kernel.org",
        "X-Gm-Message-State": "AOJu0YyWGuBqGKdjAMw1Cux/TqI4xDLVNpb1PLdp7Fga1I0We9BzBv0N\n\tONVe6DsK+J25vIIIifU04nlBmGHjKPQCJO/ltxCoHZZ84RchBabHFETV",
        "X-Gm-Gg": "Acq92OEPCN9Zoig8lPXd67rMNV7QVPuklAPrpl102XhBG9sKmxB1s35S6HTfPlkhggS\n\tnil10RMZt6RyAWIFA5lXJtSjhsP2yFubHKZzXLG8aqKmlEvmDx7sUZkNm75sVKMu9L6Mw79/LMX\n\te+CfESNqG42spzPNYdDVrWLfwyAQc95NU5X088w8y3GCzUjlAOb8fGnblsEUfhS1I0g2WskKA1r\n\tm4eXgRljpdE3Y80OBxEeqxB9iqYsL0g18VVfAXqiU+ukfHpEenyke9QKUqM0ZH8cwMlMcbvJtqp\n\t9PIfpWdu/CiiHd6JUXkT+nJTeQSGvHqH5ldWLPT/18yL24xr1P1HcJDSiAePJMmXNHb8BpoWggJ\n\tcKPL9Nn2GoOp0gTcm9XwYk36P6MR/NV22qF1YZBcaD0JVuoWSL3W0DVev5qM59sHJJ6dqzXnV+j\n\tDdbW0veb5K7eKZXl2/ou0DQshvBxrjcHXSNWoTZvs=",
        "X-Received": "by 2002:a17:903:4b03:b0:2ba:21c2:d6cb with SMTP id\n d9443c01a7336-2babd4bdb6dmr31502595ad.16.1778172749225;\n        Thu, 07 May 2026 09:52:29 -0700 (PDT)",
        "From": "Piyush Sachdeva <s.piyush1024@gmail.com>",
        "X-Google-Original-From": "Piyush Sachdeva <psachdeva@microsoft.com>",
        "Date": "Thu, 07 May 2026 22:22:14 +0530",
        "Subject": "[PATCH v3 2/2] smb: client: Zero-pad short GSS session keys per\n MS-SMB2",
        "Precedence": "bulk",
        "X-Mailing-List": "linux-cifs@vger.kernel.org",
        "List-Id": "<linux-cifs.vger.kernel.org>",
        "List-Subscribe": "<mailto:linux-cifs+subscribe@vger.kernel.org>",
        "List-Unsubscribe": "<mailto:linux-cifs+unsubscribe@vger.kernel.org>",
        "MIME-Version": "1.0",
        "Content-Type": "text/plain; charset=\"utf-8\"",
        "Content-Transfer-Encoding": "7bit",
        "Message-Id": "<20260507-kerbmi-v3-2-397ebbb53eff@microsoft.com>",
        "References": "<20260507-kerbmi-v3-0-397ebbb53eff@microsoft.com>",
        "In-Reply-To": "<20260507-kerbmi-v3-0-397ebbb53eff@microsoft.com>",
        "To": "Steve French <sfrench@samba.org>, linux-cifs@vger.kernel.org,\n Shyam Prasad N <sprasad@microsoft.com>,\n Bharath SM <bharathsm@microsoft.com>, Paulo Alcantara <pc@manguebit.org>,\n Ronnie Sahlberg <ronniesahlberg@gmail.com>, Tom Talpey <tom@talpey.com>",
        "Cc": "samba-technical@lists.samba.org, linux-kernel@vger.kernel.org,\n stable@vger.kernel.org, vaibsharma@microsoft.com",
        "X-Mailer": "b4 0.15.2",
        "X-Developer-Signature": "v=1; a=openpgp-sha256; l=3414;\n i=psachdeva@microsoft.com; h=from:subject:message-id;\n bh=aHoBqTbdr56DO71Zlzzaandq5SHQ8sCJYyYln2KmSW0=;\n b=owGbwMvMwCV29FJ3ncRHDT/G02pJDJl/Djv5n01fPnF6wi83E+7DM3gmtQm4HoiepBY1uZTl8\n JPUFofrHRNZGMS4GCzFFFk2nLgjyxu/S3LepydGMHNYmUCGSIs0MAABCwNfbmJeqZGOkZ6ptqGe\n oZGOgY4xAxenAEz1rmhGhl3Z+fqduVN3PKrUWPizViSXMyR50q3G2+V9rS87JQqKuRkZDv53CLH\n Zq7rpwDS+S/4HPjx+HeCpof6Laa5EUNHBg5X5TAA=",
        "X-Developer-Key": "i=psachdeva@microsoft.com; a=openpgp;\n fpr=80350F71F916134953C3EB979E19C6F9839C3CFC"
    },
    "content": "Per MS-SMB2 section 3.2.5.3, Session.SessionKey is the first 16 bytes\nof the GSS cryptographic key, right-padded with zero bytes if the key\nis shorter than 16 bytes.\n\nSMB2_auth_kerberos() copies the GSS session key from the cifs.upcall\nresponse using kmemdup(msg->data, msg->sesskey_len, ...) and stores\nthe GSS-reported length verbatim in ses->auth_key.len. generate_key()\nreads SMB2_NTLMV2_SESSKEY_SIZE bytes from this buffer when feeding the\nHMAC-SHA256 KDF for signing key derivation. If a GSS mechanism returns\na session key shorter than 16 bytes (e.g. a deprecated single-DES\nKerberos enctype with an 8-byte session key), the KDF call performs an\nout-of-bounds slab read and derives keys that do not match the server,\nwhich pads per the spec.\n\nModern KDCs disable short-key enctypes by default, so this is latent\nrather than reachable in production, but it is still a kernel heap\nover-read.\n\nAllocate auth_key.response with kzalloc() at a length of\nmax(msg->sesskey_len, SMB2_NTLMV2_SESSKEY_SIZE), copy the GSS key in,\nand rely on kzalloc()'s zero initialization for the spec-mandated\npadding. Set ses->auth_key.len to the padded length. Larger GSS keys\n(e.g. the 32-byte aes256-cts-hmac-sha1-96 session key) continue to be\nstored at their natural length, preserving the FullSessionKey path.\n\nEmit a cifs_dbg(VFS, ...) message when a short key is encountered to\nsurface deprecated-enctype usage.\n\nNTLMv2 and NTLMSSP code paths produce a 16-byte session key by\nconstruction and are unaffected.\n\nSigned-off-by: Piyush Sachdeva <psachdeva@microsoft.com>\nSigned-off-by: Piyush Sachdeva <s.piyush1024@gmail.com>\n---\n fs/smb/client/smb2pdu.c | 23 ++++++++++++++++++-----\n 1 file changed, 18 insertions(+), 5 deletions(-)",
    "diff": "diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c\nindex cb61051f9af3..995fcdd30681 100644\n--- a/fs/smb/client/smb2pdu.c\n+++ b/fs/smb/client/smb2pdu.c\n@@ -1713,17 +1713,30 @@ SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)\n \tis_binding = (ses->ses_status == SES_GOOD);\n \tspin_unlock(&ses->ses_lock);\n \n+\t/*\n+\t * Per MS-SMB2 3.2.5.3, Session.SessionKey is the first 16 bytes of the\n+\t * GSS cryptographic key, right-padded with zero bytes if shorter.\n+\t * Allocate at least SMB2_NTLMV2_SESSKEY_SIZE bytes (zeroed) so the KDF\n+\t * input buffer is always valid for HMAC-SHA256 even with deprecated\n+\t * Kerberos enctypes that return a short session key.\n+\t */\n+\tif (unlikely(msg->sesskey_len < SMB2_NTLMV2_SESSKEY_SIZE))\n+\t\tcifs_dbg(VFS,\n+\t\t\t \"short GSS session key (%u bytes); zero-padding per MS-SMB2 3.2.5.3\\n\",\n+\t\t\t msg->sesskey_len);\n+\n \tkfree_sensitive(ses->auth_key.response);\n-\tses->auth_key.response = kmemdup(msg->data,\n-\t\t\t\t\t msg->sesskey_len,\n-\t\t\t\t\t GFP_KERNEL);\n+\tses->auth_key.len = max_t(unsigned int, msg->sesskey_len,\n+\t\t\t\t  SMB2_NTLMV2_SESSKEY_SIZE);\n+\tses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);\n \tif (!ses->auth_key.response) {\n \t\tcifs_dbg(VFS, \"%s: can't allocate (%u bytes) memory\\n\",\n-\t\t\t __func__, msg->sesskey_len);\n+\t\t\t __func__, ses->auth_key.len);\n+\t\tses->auth_key.len = 0;\n \t\trc = -ENOMEM;\n \t\tgoto out_put_spnego_key;\n \t}\n-\tses->auth_key.len = msg->sesskey_len;\n+\tmemcpy(ses->auth_key.response, msg->data, msg->sesskey_len);\n \n \tsess_data->iov[1].iov_base = msg->data + msg->sesskey_len;\n \tsess_data->iov[1].iov_len = msg->secblob_len;\n",
    "prefixes": [
        "v3",
        "2/2"
    ]
}