From the samba-technical list.

Philipp Gesang <philipp.gesang@intra2net.com>

Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES structures containing a DataLength field that includes the padding [0]. Microsoft has since clarified that only values smaller than the size are considered invalid [1].

While parsing the NegotiateContext it is ensured that DataLength does not exceed the message bounds. Also, the value is not actually used anywhere outside the validation. Thus values greater than the actual data size are safe to use.

This patch makes Samba fail only on values that are too small for the (fixed size) payload.

[0] https://lists.samba.org/archive/samba/2019-February/221139.html
[1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html

Patch to follow. Logging bug so we can get this fixed in released versions.
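The length rule from the commit message above, as an added example that is neither Samba's code nor part of the bug report: a single negotiate context is bounds-checked first, then accepted when DataLength is at least the fixed payload size. It assumes a negotiate response carrying exactly one cipher (4-byte payload); the function name, the `exact_only` flag (which models a parser demanding an exact match) and the sample buffers are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CTX_HDR_LEN         8      /* ContextType(2) DataLength(2) Reserved(4) */
#define CTX_ENCRYPTION_CAPS 0x0002 /* SMB2_ENCRYPTION_CAPABILITIES */
#define ENC_CAPS_FIXED_LEN  4      /* CipherCount(2) + one cipher id(2) */

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hypothetical helper: returns the cipher id, or -1 for a malformed context. */
int enc_caps_cipher(const uint8_t *buf, size_t len, int exact_only)
{
    if (len < CTX_HDR_LEN)
        return -1;
    uint16_t type = le16(buf);
    size_t dlen = le16(buf + 2);

    /* Bounds check first: DataLength must never reach past the message. */
    if (dlen > len - CTX_HDR_LEN)
        return -1;
    if (type != CTX_ENCRYPTION_CAPS)
        return -1;
    /* Too small for the fixed payload: always invalid. */
    if (dlen < ENC_CAPS_FIXED_LEN)
        return -1;
    /* Larger (padding counted in): only the exact-match parser rejects it. */
    if (exact_only && dlen != ENC_CAPS_FIXED_LEN)
        return -1;
    /* Read only the fixed payload; DataLength is not used past this point. */
    if (le16(buf + CTX_HDR_LEN) != 1) /* CipherCount */
        return -1;
    return le16(buf + CTX_HDR_LEN + 2);
}

/* Constructed samples: cipher id 0x0002, payload followed by 4 padding bytes. */
static const uint8_t ctx_exact[16]  = {0x02,0,0x04,0, 0,0,0,0, 0x01,0,0x02,0, 0,0,0,0};
static const uint8_t ctx_padded[16] = {0x02,0,0x08,0, 0,0,0,0, 0x01,0,0x02,0, 0,0,0,0};
static const uint8_t ctx_short[16]  = {0x02,0,0x02,0, 0,0,0,0, 0x01,0,0x02,0, 0,0,0,0};
static const uint8_t ctx_oob[16]    = {0x02,0,0x40,0, 0,0,0,0, 0x01,0,0x02,0, 0,0,0,0};

int main(void)
{
    printf("exact/relaxed  %d\n", enc_caps_cipher(ctx_exact, 16, 0));
    printf("padded/relaxed %d\n", enc_caps_cipher(ctx_padded, 16, 0));
    printf("padded/exact   %d\n", enc_caps_cipher(ctx_padded, 16, 1));
    printf("short/relaxed  %d\n", enc_caps_cipher(ctx_short, 16, 0));
    printf("oob/relaxed    %d\n", enc_caps_cipher(ctx_oob, 16, 0));
    return 0;
}
```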
Created attachment 15031: git-am fix for 4.10.next, 4.9.next. Cherry-picked from master.
Reassigning to Karolin for inclusion in 4.9 and 4.10.
Pushed to both branches. Closing out bug report. Thanks!