diff options
author | Steve French <smfrench@gmail.com> | 2018-04-08 23:14:31 +0200 |
---|---|---|
committer | Steve French <smfrench@gmail.com> | 2018-04-12 23:52:38 +0200 |
commit | 136ff1b4b65edf09b6b7173ba94ad53347d3aa83 (patch) | |
tree | a3637b5dc7de1c91869b111f10eed9736f8a7d96 /fs/cifs/smb2pdu.h | |
parent | CIFS: add ONCE flag for cifs_dbg type (diff) | |
download | linux-136ff1b4b65edf09b6b7173ba94ad53347d3aa83.tar.xz linux-136ff1b4b65edf09b6b7173ba94ad53347d3aa83.zip |
SMB3: Fix length checking of SMB3.11 negotiate request
The length checking for SMB3.11 negotiate request includes
"negotiate contexts" which caused a buffer validation problem
and a confusing warning message on SMB3.11 mount e.g.:
SMB2 server sent bad RFC1001 len 236 not 170
Fix the length checking for SMB3.11 negotiate to account for
the new negotiate context so that we don't log a warning on
SMB3.11 mount by default but do log warnings if lengths returned
by the server are incorrect.
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Diffstat (limited to 'fs/cifs/smb2pdu.h')
-rw-r--r-- | fs/cifs/smb2pdu.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h index 253e2c7c952f..0e0a0af89e4d 100644 --- a/fs/cifs/smb2pdu.h +++ b/fs/cifs/smb2pdu.h @@ -263,6 +263,13 @@ struct smb2_negotiate_req { #define SMB2_NT_FIND 0x00100000 #define SMB2_LARGE_FILES 0x00200000 +struct smb2_neg_context { + __le16 ContextType; + __le16 DataLength; + __le32 Reserved; + /* Followed by array of data */ +} __packed; + #define SMB311_SALT_SIZE 32 /* Hash Algorithm Types */ #define SMB2_PREAUTH_INTEGRITY_SHA512 cpu_to_le16(0x0001) |