Bug 13869 - Fix connecting to NetApp servers which send padding on Negprot encryption replies.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-29 18:15 UTC by Jeremy Allison
Modified: 2019-04-03 10:40 UTC

See Also:


Attachments
git-am fix for 4.10.next, 4.9.next. (2.01 KB, patch)
2019-04-01 17:21 UTC, Jeremy Allison
slow: review+

Description Jeremy Allison 2019-03-29 18:15:19 UTC
From the samba-technical list.

Philipp Gesang <philipp.gesang@intra2net.com>

Certain NetApp versions are sending SMB2_ENCRYPTION_CAPABILITIES
structures containing a DataLength field that includes the padding
[0]. Microsoft has since clarified that only values smaller than
the size are considered invalid [1].

While parsing the NegotiateContext it is ensured that DataLength
does not exceed the message bounds. Also, the value is not
actually used anywhere outside the validation. Thus values
greater than the actual data size are safe to use. This patch
makes Samba fail only on values that are too small for the (fixed
size) payload.

[0] https://lists.samba.org/archive/samba/2019-February/221139.html
[1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html

Patch to follow. Logging bug so we can get this fixed in released versions.
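
The length check described above, as an added example that is not Samba's code and is not part of the original report: it parses one SMB2_ENCRYPTION_CAPABILITIES negotiate context from a response and shows an exact-match DataLength check beside the relaxed one that rejects only values too small for the fixed payload. The function name `parse_enc_caps`, the `strict` flag and the sample byte arrays are hypothetical and constructed for illustration; the field layout follows MS-SMB2.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CTX_ENCRYPTION_CAPS 0x0002 /* SMB2_ENCRYPTION_CAPABILITIES ContextType */
#define CTX_HDR_LEN 8              /* ContextType(2) DataLength(2) Reserved(4) */
#define ENC_CAPS_RESP_LEN 4        /* CipherCount(2) + one cipher id(2) */

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns the selected cipher id, or -1 if the context is rejected.
 * strict != 0: DataLength must equal the fixed payload size.
 * strict == 0: only a DataLength smaller than the payload is rejected. */
static int parse_enc_caps(const uint8_t *buf, size_t len, int strict)
{
    if (len < CTX_HDR_LEN || le16(buf) != CTX_ENCRYPTION_CAPS)
        return -1;
    size_t data_len = le16(buf + 2);
    if (data_len > len - CTX_HDR_LEN)   /* DataLength must stay inside the message */
        return -1;
    if (strict ? data_len != ENC_CAPS_RESP_LEN : data_len < ENC_CAPS_RESP_LEN)
        return -1;
    const uint8_t *data = buf + CTX_HDR_LEN;
    if (le16(data) != 1)                /* a response selects exactly one cipher */
        return -1;
    return le16(data + 2);              /* nothing past the 4 payload bytes is read */
}

/* Constructed samples: cipher 0x0002 (AES-128-GCM) followed by 4 padding bytes.
 * Only the DataLength field (bytes 2-3) differs between them. */
static const uint8_t exact[]     = {2,0, 4,0, 0,0,0,0, 1,0, 2,0, 0,0,0,0};
static const uint8_t padded[]    = {2,0, 8,0, 0,0,0,0, 1,0, 2,0, 0,0,0,0};
static const uint8_t too_small[] = {2,0, 2,0, 0,0,0,0, 1,0, 2,0, 0,0,0,0};
static const uint8_t overrun[]   = {2,0, 9,0, 0,0,0,0, 1,0, 2,0, 0,0,0,0};

int main(void)
{
    printf("exact,     strict:  %d\n", parse_enc_caps(exact, sizeof exact, 1));
    printf("padded,    strict:  %d\n", parse_enc_caps(padded, sizeof padded, 1));
    printf("padded,    relaxed: %d\n", parse_enc_caps(padded, sizeof padded, 0));
    printf("too_small, relaxed: %d\n", parse_enc_caps(too_small, sizeof too_small, 0));
    printf("overrun,   relaxed: %d\n", parse_enc_caps(overrun, sizeof overrun, 0));
    return 0;
}
```

The relaxed check stays safe only because the bounds check against the message runs first and the parser reads a fixed 4 bytes regardless of DataLength.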
Comment 1 Jeremy Allison 2019-04-01 17:21:18 UTC
Created attachment 15031
git-am fix for 4.10.next, 4.9.next.

Cherry-picked from master.
Comment 2 Ralph Böhme 2019-04-01 17:43:29 UTC
Reassigning to Karolin for inclusion in 4.9 and 4.10.
Comment 3 Karolin Seeger 2019-04-03 10:40:36 UTC
Pushed to both branches.
Closing out bug report.

Thanks!