From patchwork Mon Mar 12 03:05:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve French X-Patchwork-Id: 884302 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=linux-cifs-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="iXvM2bg0"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 4002sy0ddzz9sRm for ; Mon, 12 Mar 2018 14:05:26 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932437AbeCLDFY (ORCPT ); Sun, 11 Mar 2018 23:05:24 -0400 Received: from mail-pl0-f54.google.com ([209.85.160.54]:44055 "EHLO mail-pl0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932503AbeCLDFY (ORCPT ); Sun, 11 Mar 2018 23:05:24 -0400 Received: by mail-pl0-f54.google.com with SMTP id 9-v6so8566308ple.11 for ; Sun, 11 Mar 2018 20:05:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=dmkFxwe5FLs8yrRIQ2D2KrMMSMQLrjow8JF7XOHbq2k=; b=iXvM2bg0+yXNws9NOHiTDf2XItSG1ds0QkQQTsaMT0wCSDicPDNawsbDpCKB0rxqHN jJ8t0Elwc5O/a2pMbwoNfqRRfAk3BBJbMwDFAnS49JLJb3x3IoLJFa4Y0QfUq1IDpKBI XFKiOSNGwQDovnjFHAMAiu3KSfXZaPEnrE3a0W1e9VQQ9Rf5QO3NBRRrHe23JE05+FeR +ss4zdhwpzf5bxyO2/AQgj/5USXjLjsNysDL0EipowUW9VOnq6uqzJTzfAJe6COnpJyL ALT+QuwOOARaZowIMQZRXlvcLNsx84GmL3oVvD/hgJvgva010GAbdqa+MAQ8e7GadNAe C3dw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=dmkFxwe5FLs8yrRIQ2D2KrMMSMQLrjow8JF7XOHbq2k=; b=A1coYbQw5n0Nbi2XzVdh1ckusYYrAqwsD9fPnKX1JlHez2AfXkr0i2sf68j9jAqp2x Exfbs7p7vgMPjueAmmey0eDIRebinL6Sas2mgSsrrg/01yeMOi2NYmYqr7cQzlLh48cY dJhZKuI8HYkD2eDbbi7rT/kSREwOS7d1xZKQD2mkxo14wnpo5MF5tdSCpcSGO2T89oON LQ++LOY7cZjZR+AakQW0oq1uLscv8VmI7FKtxEAU/2AP6tXkTOL3eMHwSLKZWLz/ltu2 OOG83iZoZkLtGTfks4onWmjuycy7t4OVjANBcsgm/1vdzN3ogc/Z5olYlY3bh3whZV2/ 7Uow== X-Gm-Message-State: AElRT7FHLXYUXeTVqILjhnrPxq9mg1gurcOr5ZRgVivqpgoTifKZc5pH ZKWz/JuE7tJXTs0l4dJMsTNitMuHEKeDDEIikuVAmw== X-Google-Smtp-Source: AG47ELvTLBLr+UZ4r5qDO7KRlYjhnjUTgb3UxxZkGQ6sb7rtLpGcYSj/vkr0zEecdBw8YVizwC9cFuKZBCj+sx9U/7Q= X-Received: by 2002:a17:902:6ecd:: with SMTP id l13-v6mr6591004pln.374.1520823923606; Sun, 11 Mar 2018 20:05:23 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.171.78 with HTTP; Sun, 11 Mar 2018 20:05:02 -0700 (PDT) From: Steve French Date: Sun, 11 Mar 2018 20:05:02 -0700 Message-ID: Subject: 4.9 backport version of SMB3: Validate negotiate request must always be signed patch To: CIFS , "Srivatsa S. Bhat" Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org Attached backport version of my "validate negotiate must always be signed" patch for 4.9 ran into another problem (oops in the signing code) - so we may be missing more than one patch in the 4.9 backport (more generally for signing). From 453d6e152e5b63d7dbde6116771e1648757b6a53 Mon Sep 17 00:00:00 2001 From: Steve French Date: Sun, 11 Mar 2018 20:00:27 -0700 Subject: [PATCH] SMB3: Validate negotiate request must always be signed According to MS-SMB2 3.2.55 validate_negotiate request must always be signed. Some Windows can fail the request if you send it unsigned See kernel bugzilla bug 197311 [Patch fixed up for kernel version 4.9] CC: Stable Acked-by: Ronnie Sahlberg Signed-off-by: Steve French --- fs/cifs/smb2pdu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 94c4c1901222..4c2eaf05a6a4 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1712,6 +1712,9 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, } else iov[0].iov_len = get_rfc1002_length(req) + 4; + /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */ + if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) + req->hdr.Flags |= SMB2_FLAGS_SIGNED; rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0); rsp = (struct smb2_ioctl_rsp *)iov[0].iov_base; -- 2.14.1