The Samba-Bugzilla – Attachment 15031 Details for Bug 13869: Fix connecting to NetApp servers which send padding on Negprot encryption replies.
[patch] git-am fix for 4.10.next, 4.9.next.
0001-libcli-permit-larger-values-of-DataLength-in-SMB2_EN.patch (text/plain), 2.01 KB, created by Jeremy Allison on 2019-04-01 17:21:18 UTC
>From 2cc6a6d10980bd67452d9079679b77c90f33efb6 Mon Sep 17 00:00:00 2001 >From: Philipp Gesang <philipp.gesang@intra2net.com> >Date: Thu, 14 Feb 2019 10:17:28 +0100 >Subject: [PATCH] libcli: permit larger values of DataLength in > SMB2_ENCRYPTION_CAPABILITIES of negotiate response >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES >structures containing DataLength field that includes the padding >[0]. Microsoft has since clarified that only values smaller than >the size are considered invalid [1]. > >While parsing the NegotiateContext it is ensured that DataLength >does not exceed the message bounds. Also, the value is not >actually used anywhere outside the validation. Thus values >greater than the actual data size are safe to use. This patch >makes Samba fail only on values that are too small for the (fixed >size) payload. > >[0] https://lists.samba.org/archive/samba/2019-February/221139.html >[1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869 > >Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com> >Reviewed-by: Ralph Böhme <slow@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144 > >(cherry picked from commit 865b7b0c7d2ba7fa0a045586d1e83a72028a0864) >--- > libcli/smb/smbXcli_base.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c >index a237bf17d0a..a8c73be445a 100644 >--- a/libcli/smb/smbXcli_base.c >+++ b/libcli/smb/smbXcli_base.c 
>@@ -5064,7 +5064,7 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq) > return; > } > >- if (cipher->data.length != (2 + 2 * cipher_count)) { >+ if (cipher->data.length < (2 + 2 * cipher_count)) { > tevent_req_nterror(req, > NT_STATUS_INVALID_NETWORK_RESPONSE); > return; >-- >2.21.0.392.gf8f6787159e-goog >
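Review bot: The relaxed comparison `cipher->data.length < (2 + 2 * cipher_count)` in smbXcli_negprot_smb2_done() has no code comment explaining why over-long values are tolerated, so a later reader could take it for a lax bounds check and tighten it back to `!=`. A short comment above the `if` would keep the reasoning from the commit message next to the code: some servers include padding in DataLength, any bytes past 2 + 2 * cipher_count are ignored, and the NegotiateContext parsing already bounds the length against the message. The diffstat also shows only libcli/smb/smbXcli_base.c changed, so nothing exercises a padded SMB2_ENCRYPTION_CAPABILITIES context; a test that feeds one with DataLength larger than the payload, and one with DataLength too small, would guard both sides of the new check.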
Flags: slow: review+