[SRU,Xenial,Zesty,Artful,1/1] SMB3: Validate negotiate request must always be signed

Message ID 213aa1261a8b6f6bf6bfbeda8e6133aa5b6403fb.1509655719.git.joseph.salisbury@canonical.com
State New
Series
  • [SRU,Xenial,Zesty,Artful,1/1] SMB3: Validate negotiate request must always be signed

Commit Message

Joseph Salisbury Nov. 3, 2017, 4:44 p.m.
From: Steve French <smfrench@gmail.com>

BugLink: http://bugs.launchpad.net/bugs/1729337

According to MS-SMB2 3.2.55 validate_negotiate request must
always be signed. Some Windows can fail the request if you send it unsigned

See kernel bugzilla bug 197311

CC: Stable <stable@vger.kernel.org>
Acked-by: Ronnie Sahlberg <lsahlber.redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
(cherry picked from commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd)
Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
---
 fs/cifs/smb2pdu.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Kleber Sacilotto de Souza Nov. 14, 2017, 4:57 p.m. | #1
On 11/03/17 17:44, Joseph Salisbury wrote:
> From: Steve French <smfrench@gmail.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1729337
> 
> According to MS-SMB2 3.2.55 validate_negotiate request must
> always be signed. Some Windows can fail the request if you send it unsigned
> 
> See kernel bugzilla bug 197311
> 
> CC: Stable <stable@vger.kernel.org>
> Acked-by: Ronnie Sahlberg <lsahlber.redhat.com>
> Signed-off-by: Steve French <smfrench@gmail.com>
> (cherry picked from commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd)
> Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
> ---
>  fs/cifs/smb2pdu.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index 7aa6720..58ce078 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -1888,6 +1888,9 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
>  	} else
>  		iov[0].iov_len = get_rfc1002_length(req) + 4;
>  
> +	/* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
> +	if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)
> +		req->hdr.sync_hdr.Flags |= SMB2_FLAGS_SIGNED;
>  
>  	rc = SendReceive2(xid, ses, iov, n_iov, &resp_buftype, flags, &rsp_iov);
>  	cifs_small_buf_release(req);
> 
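Review bot: the section reference in the added comment line, "MS-SMB2 3.2.5.5", does not match the commit message, which cites "3.2.55". Please make the two agree so the reference can be looked up. The comment could also say in a few words why this one FSCTL is special-cased in SMB2_ioctl(), since the commit message notes that some Windows servers fail the request when it arrives unsigned.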

The fix is already on the queue for Artful as an update to the 4.13.11 stable
release. So for Xenial and Zesty:

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Stefan Bader Nov. 15, 2017, 1:51 p.m. | #2
On 03.11.2017 17:44, Joseph Salisbury wrote:
> From: Steve French <smfrench@gmail.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1729337
> 
> According to MS-SMB2 3.2.55 validate_negotiate request must
> always be signed. Some Windows can fail the request if you send it unsigned
> 
> See kernel bugzilla bug 197311
> 
> CC: Stable <stable@vger.kernel.org>
> Acked-by: Ronnie Sahlberg <lsahlber.redhat.com>
> Signed-off-by: Steve French <smfrench@gmail.com>
> (cherry picked from commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd)
> Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>

> ---
>  fs/cifs/smb2pdu.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index 7aa6720..58ce078 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -1888,6 +1888,9 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
>  	} else
>  		iov[0].iov_len = get_rfc1002_length(req) + 4;
>  
> +	/* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
> +	if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)
> +		req->hdr.sync_hdr.Flags |= SMB2_FLAGS_SIGNED;
>  
>  	rc = SendReceive2(xid, ses, iov, n_iov, &resp_buftype, flags, &rsp_iov);
>  	cifs_small_buf_release(req);
>

Patch

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 7aa6720..58ce078 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1888,6 +1888,9 @@  SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
 	} else
 		iov[0].iov_len = get_rfc1002_length(req) + 4;
 
+	/* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
+	if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)
+		req->hdr.sync_hdr.Flags |= SMB2_FLAGS_SIGNED;
 
 	rc = SendReceive2(xid, ses, iov, n_iov, &resp_buftype, flags, &rsp_iov);
 	cifs_small_buf_release(req);
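
Review bot: the new `if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)` branch sets SMB2_FLAGS_SIGNED unconditionally, and nothing visible in this hunk checks that the session is able to sign. For a session without a signing key (guest or anonymous, for example) it should be clear what SendReceive2() does with a request whose header is flagged as signed: whether it signs it, sends the flag with an empty signature, or returns an error. Either gate the flag on the session being able to sign, or extend the comment to say why that case cannot reach this point.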