summaryrefslogtreecommitdiffstats
path: root/fs/cifs/smb2pdu.h
diff options
context:
space:
mode:
authorSteve French <smfrench@gmail.com>2018-04-09 17:47:14 +0200
committerSteve French <smfrench@gmail.com>2018-04-12 23:54:06 +0200
commit5100d8a3fe034845926266a4e7f5bdcbb859088b (patch)
tree350de14c3b16b0657664b18e4c045a96a4f574c6 /fs/cifs/smb2pdu.h
parentSMB3: Fix length checking of SMB3.11 negotiate request (diff)
downloadlinux-5100d8a3fe034845926266a4e7f5bdcbb859088b.tar.xz
linux-5100d8a3fe034845926266a4e7f5bdcbb859088b.zip
SMB311: Improve checking of negotiate security contexts
SMB3.11 crypto and hash contexts were not being checked strictly enough. Add parsing and validity checking for the security contexts in the SMB3.11 negotiate response. Signed-off-by: Steve French <smfrench@gmail.com> CC: Stable <stable@vger.kernel.org> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Diffstat (limited to 'fs/cifs/smb2pdu.h')
-rw-r--r--fs/cifs/smb2pdu.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
index 0e0a0af89e4d..6093e5142b2b 100644
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -275,6 +275,7 @@ struct smb2_neg_context {
#define SMB2_PREAUTH_INTEGRITY_SHA512 cpu_to_le16(0x0001)
#define SMB2_PREAUTH_HASH_SIZE 64
+#define MIN_PREAUTH_CTXT_DATA_LEN (SMB311_SALT_SIZE + 6)
struct smb2_preauth_neg_context {
__le16 ContextType; /* 1 */
__le16 DataLength;
@@ -289,6 +290,8 @@ struct smb2_preauth_neg_context {
#define SMB2_ENCRYPTION_AES128_CCM cpu_to_le16(0x0001)
#define SMB2_ENCRYPTION_AES128_GCM cpu_to_le16(0x0002)
+/* Min encrypt context data is one cipher so 2 bytes + 2 byte count field */
+#define MIN_ENCRYPT_CTXT_DATA_LEN 4
struct smb2_encryption_neg_context {
__le16 ContextType; /* 2 */
__le16 DataLength;