{"id":2231472,"url":"http://patchwork.ozlabs.org/api/patches/2231472/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260430-kerbmi-v2-2-0b98fe250425@microsoft.com/","project":{"id":12,"url":"http://patchwork.ozlabs.org/api/projects/12/?format=json","name":"Linux CIFS Client","link_name":"linux-cifs-client","list_id":"linux-cifs.vger.kernel.org","list_email":"linux-cifs@vger.kernel.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260430-kerbmi-v2-2-0b98fe250425@microsoft.com>","list_archive_url":null,"date":"2026-04-30T17:48:24","name":"[v2,2/2] smb: client: Zero-pad short GSS session keys per MS-SMB2","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"a36825cdbc0705dd5a16e8a3591664d3bf04133b","submitter":{"id":92318,"url":"http://patchwork.ozlabs.org/api/people/92318/?format=json","name":"Piyush Sachdeva","email":"s.piyush1024@gmail.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260430-kerbmi-v2-2-0b98fe250425@microsoft.com/mbox/","series":[{"id":502352,"url":"http://patchwork.ozlabs.org/api/series/502352/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-cifs-client/list/?series=502352","date":"2026-04-30T17:48:22","name":"smb: client: Spec-compliance fixes for Kerberos key derivation","version":2,"mbox":"http://patchwork.ozlabs.org/series/502352/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2231472/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2231472/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n <linux-cifs+bounces-11313-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-cifs@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=ajX4S1oZ;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-cifs+bounces-11313-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"ajX4S1oZ\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.85.215.180","smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g61vF0Zzxz1yGq\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 03:51:37 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 2A6CE3076C21\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 17:48:49 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 061DB472794;\n\tThu, 30 Apr 2026 17:48:49 +0000 (UTC)","from mail-pg1-f180.google.com (mail-pg1-f180.google.com\n [209.85.215.180])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id A7834477E3F\n\tfor <linux-cifs@vger.kernel.org>; Thu, 30 Apr 2026 17:48:47 +0000 (UTC)","by mail-pg1-f180.google.com with SMTP id\n 41be03b00d2f7-c648bc907ebso766833a12.3\n        for <linux-cifs@vger.kernel.org>;\n Thu, 30 Apr 2026 10:48:47 -0700 (PDT)","from localhost ([49.207.150.30])\n        by smtp.gmail.com with ESMTPSA id\n d2e1a72fcca58-8351582e185sm278771b3a.3.2026.04.30.10.48.45\n        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n        Thu, 30 Apr 2026 10:48:46 -0700 (PDT)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777571328; cv=none;\n b=DSiLVBw8j13pbOBwumPIFLePL2s1TBc220m9wZXPj88FOyfR9Jxkzx4xvw/GcM7WEZ+w1GiRJRyDnRJ3xlWgRKFEOU2Txvm3HCME4PEk9amaZRT7mPggpC+LetIDJ6m2a4Ql4OTnkG6tYUEMsJ2YDLU/i4QGXxf9U9R0H5ZYz9Q=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777571328; c=relaxed/simple;\n\tbh=aHoBqTbdr56DO71Zlzzaandq5SHQ8sCJYyYln2KmSW0=;\n\th=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:\n\t In-Reply-To:To:Cc;\n b=XpKy9VHW2RJw+IaoC8nVhxdfkgbef6Ywe13YPTn5Z5sT9dztJu6QESmnh44fo5hQwGOU/oHXW72/gX2vT3QXIywEmOfXNITz7Ld8+YcmqftK2xSRxD6v77Nix7LtStn1SUxFNVn0kDPGe/UBJwRS+7+QkmrQ75iRYccXUkVyqpA=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=ajX4S1oZ; arc=none smtp.client-ip=209.85.215.180","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=gmail.com; s=20251104; t=1777571327; x=1778176127;\n darn=vger.kernel.org;\n        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n         :mime-version:subject:date:from:from:to:cc:subject:date:message-id\n         :reply-to;\n        bh=yv2fHWPI4GY7ycdmc2I4lTP92YQsllQ8O6sfU4iOItg=;\n        b=ajX4S1oZV31iH1kiV4kkA4B8RGAnF0rE6h+o3ciGBmAmWHhXiALgOGjPIfoVvsb7KJ\n         B4e1dTmZTG49CTBcC9tMZRSQo5mrLHP0HHg5dIKK51U/El0WNCOlen2W7kcyrGwpnWsf\n         33X/IY/A7G+/SRAs94fF2TxkEaN0BoIaXS6kFLvqlEeNR5MyxWCI8DBgYTqpZyNGT/Rj\n         bMHgwqrk0xN5sjG40YdopSfGl/oiAarzBqa7pvQQkU9DoIFFyeTwsDQ5UfNu66fD+4Gq\n         ynhuV/xDESNNqF0O30319g/RTobqFtkPh7/oMoUvGmDdBz3IM5ZaAAYdSNivaQNH8NDT\n         +8GA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=1e100.net; s=20251104; t=1777571327; x=1778176127;\n        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n         :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to\n         :cc:subject:date:message-id:reply-to;\n        bh=yv2fHWPI4GY7ycdmc2I4lTP92YQsllQ8O6sfU4iOItg=;\n        b=rZeiDib+YgFBnL6Of1HEe6ZzFs1N8VSprDBKlzoyBvhHCFq3Rlh9KIOwjSEl0wPksp\n         mu6ptE+HdsjYAUy4yODiZy7zrwYu6hvk4AKbsUNTy1nQXAV5GssO69n3ThjqvsaSPxpS\n         mHSUwvvs0rA4/0aYsZ30Y4mu9etu7Yf+ZjE7yva1jtyt6sCR5p25KgpKnMFGubRfEPmB\n         pLDyWarwpUXwEyunKXJWQ28CIEVH/nQ7rv7bByO2TJLtRdb58RvgGe2uGS0qrJvbjy1c\n         THAUD07ARzOZChUq7tvqNMFP1bD0ne4L7x5H6VSH8Bc56bXtKbp1elJj8H58MkuVb9xC\n         Bbxg==","X-Forwarded-Encrypted":"i=1;\n AFNElJ9WhhVtROL4T7BI62vcKL7+RGHxr/lz4UIt4hQLK1xpV3BOa/CTIlycGw+1SI3eDOtbLQNe4Ulr9lpF@vger.kernel.org","X-Gm-Message-State":"AOJu0YxuDj291EM8lUQ6r866MpWKfWtpKbehTQ+QLMf7r86n76t7TgD4\n\t1lBkbupUWakUdLu+tyogL65D5dgSmigYBlt62elYPQUpceGdxgEibeMA","X-Gm-Gg":"AeBDieuTiQGh1GErH9zpsUqk54Q8/VU7p21S5XTvri+7rrNvpBID5aNeYTP///Em9uT\n\teBoD+qPH/NO0bomN53EXoxWLec/FHeCV7La4NxJgalJGxIC2nAMuIT/88TWTiG5SA2My9ubCp9G\n\t23cKTEpK0brbEBnZISKlF7JWn1klxfCjCd/GWtkJJX4CfIlzKXduBZXj0maYj4iRD4Ayc5Lzjln\n\toN981q223FmZiF32fEDRudAS66de+a1OHptkuVnxeR6pIbjwk9PrhgPdVEXKO2CIefpZr5NG8RQ\n\tUhXk7mCensNtpMPILxw1oTNgqJsECWw5ET4uaxuDvqP+OCzLZSHFgKOsOcoq2pMeJs3DXQyBFHV\n\tmp/1zDHcXthLY5iKErBzFrbDEoLLQ2M+7wH30Kl/zLAJGxIV5z9S3ZSLHyMezxCQi78IJNKH9wR\n\t3lregcxYuFamb2uNlB0lr2E4dLPYeVQ7pfMCp0j9bkg1Gy8iIXMMFAUDbRr5Zh","X-Received":"by 2002:a05:6a00:909d:b0:81f:5037:a317 with SMTP id\n d2e1a72fcca58-834fdb1345emr4334423b3a.11.1777571326639;\n        Thu, 30 Apr 2026 10:48:46 -0700 (PDT)","From":"Piyush Sachdeva <s.piyush1024@gmail.com>","X-Google-Original-From":"Piyush Sachdeva <psachdeva@microsoft.com>","Date":"Thu, 30 Apr 2026 23:18:24 +0530","Subject":"[PATCH v2 2/2] smb: client: Zero-pad short GSS session keys per\n MS-SMB2","Precedence":"bulk","X-Mailing-List":"linux-cifs@vger.kernel.org","List-Id":"<linux-cifs.vger.kernel.org>","List-Subscribe":"<mailto:linux-cifs+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-cifs+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"7bit","Message-Id":"<20260430-kerbmi-v2-2-0b98fe250425@microsoft.com>","References":"<20260430-kerbmi-v2-0-0b98fe250425@microsoft.com>","In-Reply-To":"<20260430-kerbmi-v2-0-0b98fe250425@microsoft.com>","To":"Steve French <sfrench@samba.org>, linux-cifs@vger.kernel.org,\n Shyam Prasad N <sprasad@microsoft.com>,\n Bharath SM <bharathsm@microsoft.com>","Cc":"samba-technical@lists.samba.org, linux-kernel@vger.kernel.org,\n vaibsharma@microsoft.com","X-Mailer":"b4 0.15.2","X-Developer-Signature":"v=1; a=openpgp-sha256; l=3414;\n i=psachdeva@microsoft.com; h=from:subject:message-id;\n bh=aHoBqTbdr56DO71Zlzzaandq5SHQ8sCJYyYln2KmSW0=;\n b=owGbwMvMwCV29FJ3ncRHDT/G02pJDJmfp36Y1SsyOXPuWc+60JDNV/zit7Tq/pv3nulpyY+Li\n Y/fX9es7JjIwiDGxWAppsiy4cQdWd74XZLzPj0xgpnDygQyRFqkgQEIWBj4chPzSo10jPRMtQ31\n DI10DHSMGbg4BWCqk70YGS7MWcO/smkdz+xDRxMlFA+wFglfelvZMl18p1FeW8XMRm5Ghs9LPzf\n KHc2z6mDWbLqhnLiEwzTQV+9R897QyJ1aWy8z8AMA","X-Developer-Key":"i=psachdeva@microsoft.com; a=openpgp;\n fpr=80350F71F916134953C3EB979E19C6F9839C3CFC"},"content":"Per MS-SMB2 section 3.2.5.3, Session.SessionKey is the first 16 bytes\nof the GSS cryptographic key, right-padded with zero bytes if the key\nis shorter than 16 bytes.\n\nSMB2_auth_kerberos() copies the GSS session key from the cifs.upcall\nresponse using kmemdup(msg->data, msg->sesskey_len, ...) and stores\nthe GSS-reported length verbatim in ses->auth_key.len. generate_key()\nreads SMB2_NTLMV2_SESSKEY_SIZE bytes from this buffer when feeding the\nHMAC-SHA256 KDF for signing key derivation. If a GSS mechanism returns\na session key shorter than 16 bytes (e.g. a deprecated single-DES\nKerberos enctype with an 8-byte session key), the KDF call performs an\nout-of-bounds slab read and derives keys that do not match the server,\nwhich pads per the spec.\n\nModern KDCs disable short-key enctypes by default, so this is latent\nrather than reachable in production, but it is still a kernel heap\nover-read.\n\nAllocate auth_key.response with kzalloc() at a length of\nmax(msg->sesskey_len, SMB2_NTLMV2_SESSKEY_SIZE), copy the GSS key in,\nand rely on kzalloc()'s zero initialization for the spec-mandated\npadding. Set ses->auth_key.len to the padded length. Larger GSS keys\n(e.g. the 32-byte aes256-cts-hmac-sha1-96 session key) continue to be\nstored at their natural length, preserving the FullSessionKey path.\n\nEmit a cifs_dbg(VFS, ...) message when a short key is encountered to\nsurface deprecated-enctype usage.\n\nNTLMv2 and NTLMSSP code paths produce a 16-byte session key by\nconstruction and are unaffected.\n\nSigned-off-by: Piyush Sachdeva <psachdeva@microsoft.com>\nSigned-off-by: Piyush Sachdeva <s.piyush1024@gmail.com>\n---\n fs/smb/client/smb2pdu.c | 23 ++++++++++++++++++-----\n 1 file changed, 18 insertions(+), 5 deletions(-)","diff":"diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c\nindex cb61051f9af3..995fcdd30681 100644\n--- a/fs/smb/client/smb2pdu.c\n+++ b/fs/smb/client/smb2pdu.c\n@@ -1713,17 +1713,30 @@ SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)\n \tis_binding = (ses->ses_status == SES_GOOD);\n \tspin_unlock(&ses->ses_lock);\n \n+\t/*\n+\t * Per MS-SMB2 3.2.5.3, Session.SessionKey is the first 16 bytes of the\n+\t * GSS cryptographic key, right-padded with zero bytes if shorter.\n+\t * Allocate at least SMB2_NTLMV2_SESSKEY_SIZE bytes (zeroed) so the KDF\n+\t * input buffer is always valid for HMAC-SHA256 even with deprecated\n+\t * Kerberos enctypes that return a short session key.\n+\t */\n+\tif (unlikely(msg->sesskey_len < SMB2_NTLMV2_SESSKEY_SIZE))\n+\t\tcifs_dbg(VFS,\n+\t\t\t \"short GSS session key (%u bytes); zero-padding per MS-SMB2 3.2.5.3\\n\",\n+\t\t\t msg->sesskey_len);\n+\n \tkfree_sensitive(ses->auth_key.response);\n-\tses->auth_key.response = kmemdup(msg->data,\n-\t\t\t\t\t msg->sesskey_len,\n-\t\t\t\t\t GFP_KERNEL);\n+\tses->auth_key.len = max_t(unsigned int, msg->sesskey_len,\n+\t\t\t\t  SMB2_NTLMV2_SESSKEY_SIZE);\n+\tses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);\n \tif (!ses->auth_key.response) {\n \t\tcifs_dbg(VFS, \"%s: can't allocate (%u bytes) memory\\n\",\n-\t\t\t __func__, msg->sesskey_len);\n+\t\t\t __func__, ses->auth_key.len);\n+\t\tses->auth_key.len = 0;\n \t\trc = -ENOMEM;\n \t\tgoto out_put_spnego_key;\n \t}\n-\tses->auth_key.len = msg->sesskey_len;\n+\tmemcpy(ses->auth_key.response, msg->data, msg->sesskey_len);\n \n \tsess_data->iov[1].iov_base = msg->data + msg->sesskey_len;\n \tsess_data->iov[1].iov_len = msg->secblob_len;\n","prefixes":["v2","2/2"]}