[1/1] CIFS: fix uninitialized ptr deref in smb2 signing

Message ID 20180802143952.16735-1-aaptel@suse.com
State New
Headers show
Series
  • [1/1] CIFS: fix uninitialized ptr deref in smb2 signing
Related show

Commit Message

Aurélien Aptel Aug. 2, 2018, 2:39 p.m.
server->secmech.sdeschmacsha256 is not properly initialized before
smb2_shash_allocate(), set shash after that call.

also fix typo in error message

Fixes: 8de8c4608fe9 ("cifs: Fix validation of signed data in smb2")

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
---
 fs/cifs/smb2transport.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Paulo Alcantara Aug. 2, 2018, 2:49 p.m. | #1
Reviewed-by: Paulo Alcantara <palcantara@suse.com>

On August 2, 2018 11:39:52 AM GMT-03:00, Aurelien Aptel <aaptel@suse.com> wrote:
>server->secmech.sdeschmacsha256 is not properly initialized before
>smb2_shash_allocate(), set shash after that call.
>
>also fix typo in error message
>
>Fixes: 8de8c4608fe9 ("cifs: Fix validation of signed data in smb2")
>
>Signed-off-by: Aurelien Aptel <aaptel@suse.com>
>---
> fs/cifs/smb2transport.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
>diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
>index 719d55e63d88..bf61c3774830 100644
>--- a/fs/cifs/smb2transport.c
>+++ b/fs/cifs/smb2transport.c
>@@ -173,7 +173,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct
>TCP_Server_Info *server)
> 	struct kvec *iov = rqst->rq_iov;
> 	struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
> 	struct cifs_ses *ses;
>-	struct shash_desc *shash = &server->secmech.sdeschmacsha256->shash;
>+	struct shash_desc *shash;
> 	struct smb_rqst drqst;
> 
> 	ses = smb2_find_smb_ses(server, shdr->SessionId);
>@@ -187,7 +187,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct
>TCP_Server_Info *server)
> 
> 	rc = smb2_crypto_shash_allocate(server);
> 	if (rc) {
>-		cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__);
>+		cifs_dbg(VFS, "%s: sha256 alloc failed\n", __func__);
> 		return rc;
> 	}
> 
>@@ -198,6 +198,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct
>TCP_Server_Info *server)
> 		return rc;
> 	}
> 
>+	shash = &server->secmech.sdeschmacsha256->shash;
> 	rc = crypto_shash_init(shash);
> 	if (rc) {
> 		cifs_dbg(VFS, "%s: Could not init sha256", __func__);
>-- 
>2.13.7
>
>--
>To unsubscribe from this list: send the line "unsubscribe linux-cifs"
>in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html
Steve French Aug. 3, 2018, 2:38 a.m. | #2
Merged into cifs-2.6.git for-next and added cc:stable
On Thu, Aug 2, 2018 at 9:50 AM Paulo Alcantara <paulo@paulo.ac> wrote:
>
> Reviewed-by: Paulo Alcantara <palcantara@suse.com>
>
> On August 2, 2018 11:39:52 AM GMT-03:00, Aurelien Aptel <aaptel@suse.com> wrote:
>>
>> server->secmech.sdeschmacsha256 is not properly initialized before
>> smb2_shash_allocate(), set shash after that call.
>>
>> also fix typo in error message
>>
>> Fixes: 8de8c4608fe9 ("cifs: Fix validation of signed data in smb2")
>>
>> Signed-off-by: Aurelien Aptel <aaptel@suse.com>
>> ---
>>  fs/cifs/smb2transport.c | 5 +++--
>>  1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
>> index 719d55e63d88..bf61c3774830 100644
>> --- a/fs/cifs/smb2transport.c
>> +++ b/fs/cifs/smb2transport.c
>> @@ -173,7 +173,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
>>   struct kvec *iov = rqst->rq_iov;
>>   struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
>>   struct cifs_ses *ses;
>> - struct shash_desc *shash = &server->secmech.sdeschmacsha256->shash;
>> + struct shash_desc *shash;
>>   struct smb_rqst drqst;
>>
>>   ses = smb2_find_smb_ses(server, shdr->SessionId);
>> @@ -187,7 +187,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
>>
>>   rc = smb2_crypto_shash_allocate(server);
>>   if (rc) {
>> - cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__);
>> + cifs_dbg(VFS, "%s: sha256 alloc failed\n", __func__);
>>   return rc;
>>   }
>>
>> @@ -198,6 +198,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
>>   return rc;
>>   }
>>
>> + shash = &server->secmech.sdeschmacsha256->shash;
>>   rc = crypto_shash_init(shash);
>>   if (rc) {
>>   cifs_dbg(VFS, "%s: Could not init sha256", __func__);
>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.

Patch

diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index 719d55e63d88..bf61c3774830 100644
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -173,7 +173,7 @@  smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
 	struct kvec *iov = rqst->rq_iov;
 	struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
 	struct cifs_ses *ses;
-	struct shash_desc *shash = &server->secmech.sdeschmacsha256->shash;
+	struct shash_desc *shash;
 	struct smb_rqst drqst;
 
 	ses = smb2_find_smb_ses(server, shdr->SessionId);
@@ -187,7 +187,7 @@  smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
 
 	rc = smb2_crypto_shash_allocate(server);
 	if (rc) {
-		cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__);
+		cifs_dbg(VFS, "%s: sha256 alloc failed\n", __func__);
 		return rc;
 	}
 
@@ -198,6 +198,7 @@  smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
 		return rc;
 	}
 
+	shash = &server->secmech.sdeschmacsha256->shash;
 	rc = crypto_shash_init(shash);
 	if (rc) {
 		cifs_dbg(VFS, "%s: Could not init sha256", __func__);