GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/2231472/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2231472,
    "url": "http://patchwork.ozlabs.org/api/patches/2231472/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260430-kerbmi-v2-2-0b98fe250425@microsoft.com/",
    "project": {
        "id": 12,
        "url": "http://patchwork.ozlabs.org/api/projects/12/?format=api",
        "name": "Linux CIFS Client",
        "link_name": "linux-cifs-client",
        "list_id": "linux-cifs.vger.kernel.org",
        "list_email": "linux-cifs@vger.kernel.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260430-kerbmi-v2-2-0b98fe250425@microsoft.com>",
    "list_archive_url": null,
    "date": "2026-04-30T17:48:24",
    "name": "[v2,2/2] smb: client: Zero-pad short GSS session keys per MS-SMB2",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "a36825cdbc0705dd5a16e8a3591664d3bf04133b",
    "submitter": {
        "id": 92318,
        "url": "http://patchwork.ozlabs.org/api/people/92318/?format=api",
        "name": "Piyush Sachdeva",
        "email": "s.piyush1024@gmail.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260430-kerbmi-v2-2-0b98fe250425@microsoft.com/mbox/",
    "series": [
        {
            "id": 502352,
            "url": "http://patchwork.ozlabs.org/api/series/502352/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/linux-cifs-client/list/?series=502352",
            "date": "2026-04-30T17:48:22",
            "name": "smb: client: Spec-compliance fixes for Kerberos key derivation",
            "version": 2,
            "mbox": "http://patchwork.ozlabs.org/series/502352/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2231472/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2231472/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "\n <linux-cifs+bounces-11313-incoming=patchwork.ozlabs.org@vger.kernel.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "linux-cifs@vger.kernel.org"
        ],
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=ajX4S1oZ;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-cifs+bounces-11313-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)",
            "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"ajX4S1oZ\"",
            "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.85.215.180",
            "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com",
            "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com"
        ],
        "Received": [
            "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g61vF0Zzxz1yGq\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 03:51:37 +1000 (AEST)",
            "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 2A6CE3076C21\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 17:48:49 +0000 (UTC)",
            "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 061DB472794;\n\tThu, 30 Apr 2026 17:48:49 +0000 (UTC)",
            "from mail-pg1-f180.google.com (mail-pg1-f180.google.com\n [209.85.215.180])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id A7834477E3F\n\tfor <linux-cifs@vger.kernel.org>; Thu, 30 Apr 2026 17:48:47 +0000 (UTC)",
            "by mail-pg1-f180.google.com with SMTP id\n 41be03b00d2f7-c648bc907ebso766833a12.3\n        for <linux-cifs@vger.kernel.org>;\n Thu, 30 Apr 2026 10:48:47 -0700 (PDT)",
            "from localhost ([49.207.150.30])\n        by smtp.gmail.com with ESMTPSA id\n d2e1a72fcca58-8351582e185sm278771b3a.3.2026.04.30.10.48.45\n        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n        Thu, 30 Apr 2026 10:48:46 -0700 (PDT)"
        ],
        "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777571328; cv=none;\n b=DSiLVBw8j13pbOBwumPIFLePL2s1TBc220m9wZXPj88FOyfR9Jxkzx4xvw/GcM7WEZ+w1GiRJRyDnRJ3xlWgRKFEOU2Txvm3HCME4PEk9amaZRT7mPggpC+LetIDJ6m2a4Ql4OTnkG6tYUEMsJ2YDLU/i4QGXxf9U9R0H5ZYz9Q=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777571328; c=relaxed/simple;\n\tbh=aHoBqTbdr56DO71Zlzzaandq5SHQ8sCJYyYln2KmSW0=;\n\th=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:\n\t In-Reply-To:To:Cc;\n b=XpKy9VHW2RJw+IaoC8nVhxdfkgbef6Ywe13YPTn5Z5sT9dztJu6QESmnh44fo5hQwGOU/oHXW72/gX2vT3QXIywEmOfXNITz7Ld8+YcmqftK2xSRxD6v77Nix7LtStn1SUxFNVn0kDPGe/UBJwRS+7+QkmrQ75iRYccXUkVyqpA=",
        "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=ajX4S1oZ; arc=none smtp.client-ip=209.85.215.180",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=gmail.com; s=20251104; t=1777571327; x=1778176127;\n darn=vger.kernel.org;\n        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n         :mime-version:subject:date:from:from:to:cc:subject:date:message-id\n         :reply-to;\n        bh=yv2fHWPI4GY7ycdmc2I4lTP92YQsllQ8O6sfU4iOItg=;\n        b=ajX4S1oZV31iH1kiV4kkA4B8RGAnF0rE6h+o3ciGBmAmWHhXiALgOGjPIfoVvsb7KJ\n         B4e1dTmZTG49CTBcC9tMZRSQo5mrLHP0HHg5dIKK51U/El0WNCOlen2W7kcyrGwpnWsf\n         33X/IY/A7G+/SRAs94fF2TxkEaN0BoIaXS6kFLvqlEeNR5MyxWCI8DBgYTqpZyNGT/Rj\n         bMHgwqrk0xN5sjG40YdopSfGl/oiAarzBqa7pvQQkU9DoIFFyeTwsDQ5UfNu66fD+4Gq\n         ynhuV/xDESNNqF0O30319g/RTobqFtkPh7/oMoUvGmDdBz3IM5ZaAAYdSNivaQNH8NDT\n         +8GA==",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=1e100.net; s=20251104; t=1777571327; x=1778176127;\n        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n         :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to\n         :cc:subject:date:message-id:reply-to;\n        bh=yv2fHWPI4GY7ycdmc2I4lTP92YQsllQ8O6sfU4iOItg=;\n        b=rZeiDib+YgFBnL6Of1HEe6ZzFs1N8VSprDBKlzoyBvhHCFq3Rlh9KIOwjSEl0wPksp\n         mu6ptE+HdsjYAUy4yODiZy7zrwYu6hvk4AKbsUNTy1nQXAV5GssO69n3ThjqvsaSPxpS\n         mHSUwvvs0rA4/0aYsZ30Y4mu9etu7Yf+ZjE7yva1jtyt6sCR5p25KgpKnMFGubRfEPmB\n         pLDyWarwpUXwEyunKXJWQ28CIEVH/nQ7rv7bByO2TJLtRdb58RvgGe2uGS0qrJvbjy1c\n         THAUD07ARzOZChUq7tvqNMFP1bD0ne4L7x5H6VSH8Bc56bXtKbp1elJj8H58MkuVb9xC\n         Bbxg==",
        "X-Forwarded-Encrypted": "i=1;\n AFNElJ9WhhVtROL4T7BI62vcKL7+RGHxr/lz4UIt4hQLK1xpV3BOa/CTIlycGw+1SI3eDOtbLQNe4Ulr9lpF@vger.kernel.org",
        "X-Gm-Message-State": "AOJu0YxuDj291EM8lUQ6r866MpWKfWtpKbehTQ+QLMf7r86n76t7TgD4\n\t1lBkbupUWakUdLu+tyogL65D5dgSmigYBlt62elYPQUpceGdxgEibeMA",
        "X-Gm-Gg": "AeBDieuTiQGh1GErH9zpsUqk54Q8/VU7p21S5XTvri+7rrNvpBID5aNeYTP///Em9uT\n\teBoD+qPH/NO0bomN53EXoxWLec/FHeCV7La4NxJgalJGxIC2nAMuIT/88TWTiG5SA2My9ubCp9G\n\t23cKTEpK0brbEBnZISKlF7JWn1klxfCjCd/GWtkJJX4CfIlzKXduBZXj0maYj4iRD4Ayc5Lzjln\n\toN981q223FmZiF32fEDRudAS66de+a1OHptkuVnxeR6pIbjwk9PrhgPdVEXKO2CIefpZr5NG8RQ\n\tUhXk7mCensNtpMPILxw1oTNgqJsECWw5ET4uaxuDvqP+OCzLZSHFgKOsOcoq2pMeJs3DXQyBFHV\n\tmp/1zDHcXthLY5iKErBzFrbDEoLLQ2M+7wH30Kl/zLAJGxIV5z9S3ZSLHyMezxCQi78IJNKH9wR\n\t3lregcxYuFamb2uNlB0lr2E4dLPYeVQ7pfMCp0j9bkg1Gy8iIXMMFAUDbRr5Zh",
        "X-Received": "by 2002:a05:6a00:909d:b0:81f:5037:a317 with SMTP id\n d2e1a72fcca58-834fdb1345emr4334423b3a.11.1777571326639;\n        Thu, 30 Apr 2026 10:48:46 -0700 (PDT)",
        "From": "Piyush Sachdeva <s.piyush1024@gmail.com>",
        "X-Google-Original-From": "Piyush Sachdeva <psachdeva@microsoft.com>",
        "Date": "Thu, 30 Apr 2026 23:18:24 +0530",
        "Subject": "[PATCH v2 2/2] smb: client: Zero-pad short GSS session keys per\n MS-SMB2",
        "Precedence": "bulk",
        "X-Mailing-List": "linux-cifs@vger.kernel.org",
        "List-Id": "<linux-cifs.vger.kernel.org>",
        "List-Subscribe": "<mailto:linux-cifs+subscribe@vger.kernel.org>",
        "List-Unsubscribe": "<mailto:linux-cifs+unsubscribe@vger.kernel.org>",
        "MIME-Version": "1.0",
        "Content-Type": "text/plain; charset=\"utf-8\"",
        "Content-Transfer-Encoding": "7bit",
        "Message-Id": "<20260430-kerbmi-v2-2-0b98fe250425@microsoft.com>",
        "References": "<20260430-kerbmi-v2-0-0b98fe250425@microsoft.com>",
        "In-Reply-To": "<20260430-kerbmi-v2-0-0b98fe250425@microsoft.com>",
        "To": "Steve French <sfrench@samba.org>, linux-cifs@vger.kernel.org,\n Shyam Prasad N <sprasad@microsoft.com>,\n Bharath SM <bharathsm@microsoft.com>",
        "Cc": "samba-technical@lists.samba.org, linux-kernel@vger.kernel.org,\n vaibsharma@microsoft.com",
        "X-Mailer": "b4 0.15.2",
        "X-Developer-Signature": "v=1; a=openpgp-sha256; l=3414;\n i=psachdeva@microsoft.com; h=from:subject:message-id;\n bh=aHoBqTbdr56DO71Zlzzaandq5SHQ8sCJYyYln2KmSW0=;\n b=owGbwMvMwCV29FJ3ncRHDT/G02pJDJmfp36Y1SsyOXPuWc+60JDNV/zit7Tq/pv3nulpyY+Li\n Y/fX9es7JjIwiDGxWAppsiy4cQdWd74XZLzPj0xgpnDygQyRFqkgQEIWBj4chPzSo10jPRMtQ31\n DI10DHSMGbg4BWCqk70YGS7MWcO/smkdz+xDRxMlFA+wFglfelvZMl18p1FeW8XMRm5Ghs9LPzf\n KHc2z6mDWbLqhnLiEwzTQV+9R897QyJ1aWy8z8AMA",
        "X-Developer-Key": "i=psachdeva@microsoft.com; a=openpgp;\n fpr=80350F71F916134953C3EB979E19C6F9839C3CFC"
    },
    "content": "Per MS-SMB2 section 3.2.5.3, Session.SessionKey is the first 16 bytes\nof the GSS cryptographic key, right-padded with zero bytes if the key\nis shorter than 16 bytes.\n\nSMB2_auth_kerberos() copies the GSS session key from the cifs.upcall\nresponse using kmemdup(msg->data, msg->sesskey_len, ...) and stores\nthe GSS-reported length verbatim in ses->auth_key.len. generate_key()\nreads SMB2_NTLMV2_SESSKEY_SIZE bytes from this buffer when feeding the\nHMAC-SHA256 KDF for signing key derivation. If a GSS mechanism returns\na session key shorter than 16 bytes (e.g. a deprecated single-DES\nKerberos enctype with an 8-byte session key), the KDF call performs an\nout-of-bounds slab read and derives keys that do not match the server,\nwhich pads per the spec.\n\nModern KDCs disable short-key enctypes by default, so this is latent\nrather than reachable in production, but it is still a kernel heap\nover-read.\n\nAllocate auth_key.response with kzalloc() at a length of\nmax(msg->sesskey_len, SMB2_NTLMV2_SESSKEY_SIZE), copy the GSS key in,\nand rely on kzalloc()'s zero initialization for the spec-mandated\npadding. Set ses->auth_key.len to the padded length. Larger GSS keys\n(e.g. the 32-byte aes256-cts-hmac-sha1-96 session key) continue to be\nstored at their natural length, preserving the FullSessionKey path.\n\nEmit a cifs_dbg(VFS, ...) message when a short key is encountered to\nsurface deprecated-enctype usage.\n\nNTLMv2 and NTLMSSP code paths produce a 16-byte session key by\nconstruction and are unaffected.\n\nSigned-off-by: Piyush Sachdeva <psachdeva@microsoft.com>\nSigned-off-by: Piyush Sachdeva <s.piyush1024@gmail.com>\n---\n fs/smb/client/smb2pdu.c | 23 ++++++++++++++++++-----\n 1 file changed, 18 insertions(+), 5 deletions(-)",
    "diff": "diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c\nindex cb61051f9af3..995fcdd30681 100644\n--- a/fs/smb/client/smb2pdu.c\n+++ b/fs/smb/client/smb2pdu.c\n@@ -1713,17 +1713,30 @@ SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)\n \tis_binding = (ses->ses_status == SES_GOOD);\n \tspin_unlock(&ses->ses_lock);\n \n+\t/*\n+\t * Per MS-SMB2 3.2.5.3, Session.SessionKey is the first 16 bytes of the\n+\t * GSS cryptographic key, right-padded with zero bytes if shorter.\n+\t * Allocate at least SMB2_NTLMV2_SESSKEY_SIZE bytes (zeroed) so the KDF\n+\t * input buffer is always valid for HMAC-SHA256 even with deprecated\n+\t * Kerberos enctypes that return a short session key.\n+\t */\n+\tif (unlikely(msg->sesskey_len < SMB2_NTLMV2_SESSKEY_SIZE))\n+\t\tcifs_dbg(VFS,\n+\t\t\t \"short GSS session key (%u bytes); zero-padding per MS-SMB2 3.2.5.3\\n\",\n+\t\t\t msg->sesskey_len);\n+\n \tkfree_sensitive(ses->auth_key.response);\n-\tses->auth_key.response = kmemdup(msg->data,\n-\t\t\t\t\t msg->sesskey_len,\n-\t\t\t\t\t GFP_KERNEL);\n+\tses->auth_key.len = max_t(unsigned int, msg->sesskey_len,\n+\t\t\t\t  SMB2_NTLMV2_SESSKEY_SIZE);\n+\tses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);\n \tif (!ses->auth_key.response) {\n \t\tcifs_dbg(VFS, \"%s: can't allocate (%u bytes) memory\\n\",\n-\t\t\t __func__, msg->sesskey_len);\n+\t\t\t __func__, ses->auth_key.len);\n+\t\tses->auth_key.len = 0;\n \t\trc = -ENOMEM;\n \t\tgoto out_put_spnego_key;\n \t}\n-\tses->auth_key.len = msg->sesskey_len;\n+\tmemcpy(ses->auth_key.response, msg->data, msg->sesskey_len);\n \n \tsess_data->iov[1].iov_base = msg->data + msg->sesskey_len;\n \tsess_data->iov[1].iov_len = msg->secblob_len;\n",
    "prefixes": [
        "v2",
        "2/2"
    ]
}