The Samba-Bugzilla – Attachment 17145 Details for Bug 14968: smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2
[patch] Patches for v4-15-test
bfixes-tmp415.txt (text/plain), 5.08 KB, created by Stefan Metzmacher on 2022-02-03 09:55:54 UTC
>From 554dc75cde70fc5d47ad8a561cf3d36484d8cb30 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 1 Feb 2022 10:52:27 +0100 >Subject: [PATCH 1/3] selftest/quick: add smb2.session > >We run the quicktest on each linux distro as part of samba-o3 builds. > >We should make sure smb2 signing/enctyption works on all of them >and all different system libraries. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit 68e62962b08497da8359ddbe4324443818c05cd1) >--- > selftest/quick | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/selftest/quick b/selftest/quick >index 0e79f1020bf1..6700180c2c2a 100644 >--- a/selftest/quick >+++ b/selftest/quick >@@ -33,6 +33,7 @@ rpc.join > rpc.handles > rpc.echo > smb.signing >+smb2.session > drs.unit > samba4.blackbox.dbcheck.dc > # This needs to be here to get testing of crypt_r() >-- >2.25.1 > > >From 98ad6c4f6abae9b57b7c94ad533a6fecb0b2085a Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 31 Jan 2022 20:33:43 +0100 >Subject: [PATCH 2/3] libcli/smb: fix error checking in > smb2_signing_decrypt_pdu() invalid ptext_len > >When the ptext_size != m_total check fails, we call this: > > status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR); > goto out; > >As rc is 0 at that point we'll exit smb2_signing_decrypt_pdu() >with NT_STATUS_OK, but without copying the decrypted data >back into the callers buffer. Which leads to strange errors >in the caller. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit 99182af4ab5a3413311e27c2a193e09babceb01c) >--- > libcli/smb/smb2_signing.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) 
> >diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c >index 29ddfe71a24b..8ddfbd75af2a 100644 >--- a/libcli/smb/smb2_signing.c >+++ b/libcli/smb/smb2_signing.c >@@ -1247,9 +1247,16 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, > ctext_size, > ptext, > &ptext_size); >- if (rc < 0 || ptext_size != m_total) { >+ if (rc < 0) { >+ TALLOC_FREE(ptext); >+ TALLOC_FREE(ctext); >+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR); >+ goto out; >+ } >+ if (ptext_size != m_total) { > TALLOC_FREE(ptext); > TALLOC_FREE(ctext); >+ rc = GNUTLS_E_SHORT_MEMORY_BUFFER; > status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR); > goto out; > } >-- >2.25.1 > > >From f5e9c25a52db6d5bbca33f81e7b91e3f9209fac0 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 31 Jan 2022 20:33:43 +0100 >Subject: [PATCH 3/3] libcli/smb: let smb2_signing_decrypt_pdu() cope with > gnutls_aead_cipher_decrypt() ptext_len bug > >The initial implementation of gnutls_aead_cipher_decrypt() had a bug and >used: > *ptext_len = ctext_len; >instead of: > *ptext_len = ctext_len - tag_size; > >This got fixed with gnutls 3.5.2. > >As we only require gnutls 3.4.7 we need to cope with this... > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> > >Autobuild-User(master): Stefan Metzmacher <metze@samba.org> >Autobuild-Date(master): Wed Feb 2 18:29:08 UTC 2022 on sn-devel-184 > >(cherry picked from commit 735f3d7dde3daf5d0af2e8a1de60422b88663992) >--- > libcli/smb/smb2_signing.c | 15 +++++++++++++++ > wscript_configure_system_gnutls | 3 +++ > 2 files changed, 18 insertions(+) > >diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c >index 8ddfbd75af2a..938c9ecdf294 100644 >--- a/libcli/smb/smb2_signing.c >+++ b/libcli/smb/smb2_signing.c 
>@@ -1253,6 +1253,21 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, > status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR); > goto out; > } >+#ifdef HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG >+ /* >+ * Note that gnutls before 3.5.2 had a bug and returned >+ * *ptext_len = ctext_len, instead of >+ * *ptext_len = ctext_len - tag_size >+ */ >+ if (ptext_size != ctext_size) { >+ TALLOC_FREE(ptext); >+ TALLOC_FREE(ctext); >+ rc = GNUTLS_E_SHORT_MEMORY_BUFFER; >+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR); >+ goto out; >+ } >+ ptext_size -= tag_size; >+#endif /* HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG */ > if (ptext_size != m_total) { > TALLOC_FREE(ptext); > TALLOC_FREE(ctext); >diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls >index 9864235d17e4..4cdd61f79bba 100644 >--- a/wscript_configure_system_gnutls >+++ b/wscript_configure_system_gnutls >@@ -40,6 +40,9 @@ if (gnutls_version > parse_version('3.6.10')): > if (gnutls_version > parse_version('3.6.14')): > conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM', 1) > >+if (gnutls_version < parse_version('3.5.2')): >+ conf.DEFINE('HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG', 1) >+ > # Check if gnutls has fips mode support > # gnutls_fips140_mode_enabled() is available since 3.3.0 > fragment = ''' >-- >2.25.1 >
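Review bot: in the selftest/quick hunk of PATCH 1/3, the new smb2.session entry carries no comment, while the list already documents a neighbouring entry with "# This needs to be here to get testing of crypt_r()". A one-line comment above smb2.session saying it is there to exercise SMB2 signing and encryption against the system crypto libraries would keep the reason from being lost if the list is pruned later.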
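Review bot: in the new "if (ptext_size != m_total)" branch of PATCH 2/3, rc is overwritten with GNUTLS_E_SHORT_MEMORY_BUFFER, an error gnutls did not return, so the NTSTATUS the caller sees depends on how gnutls_error_to_ntstatus() maps that code. Setting status directly in this branch (for example "status = NT_STATUS_INTERNAL_ERROR;") would state the intent without a synthetic library error, and a short comment that rc is 0 at this point would explain why the original combined check was split. The two branches also repeat the same "TALLOC_FREE(ptext); TALLOC_FREE(ctext);" cleanup, which could move under a shared label.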
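Review bot: in the "#ifdef HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG" block added to smb2_signing.c by PATCH 3/3, the check "if (ptext_size != ctext_size)" rejects a library that reports the correct length, so a binary built against gnutls older than 3.5.2 fails every decrypt if it ends up running with a fixed library. That fails closed, but accepting both cases would be more robust: subtract tag_size only when ptext_size == ctext_size and let the existing "ptext_size != m_total" check decide otherwise. The subtraction "ptext_size -= tag_size;" also assumes ctext_size >= tag_size, which is not established in the visible lines; an explicit check or a comment naming where that is guaranteed would help.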
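Review bot: in the wscript_configure_system_gnutls hunk of PATCH 3/3, the workaround is keyed on "gnutls_version < parse_version('3.5.2')", which is a proxy for the behaviour and not a test of it. A distribution package that carries the fix under an older version string would still get HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG defined, and the strict length check in smb2_signing.c would then reject every decrypt. A configure-time test fragment, like the one used just below for fips mode support, would detect the behaviour itself; at minimum, a comment next to the define naming 3.5.2 as the upstream release with the fix would document the cut-off.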
Flags: asn: review+