Commit 7a29b11d authored by Linus Torvalds's avatar Linus Torvalds

Merge tag '5.16-rc5-ksmbd-fixes' of git://git.samba.org/ksmbd

Pull ksmbd fixes from Steve French:
 "Three ksmbd fixes, all for stable as well.

  Two fix potential uninitialized memory and one fixes a security problem
  where encryption is unintentionally disabled from some clients"

* tag '5.16-rc5-ksmbd-fixes' of git://git.samba.org/ksmbd:
  ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
  ksmbd: fix uninitialized symbol 'pntsd_size'
  ksmbd: fix error code in ndr_read_int32()
parents 95b40115 83912d6d
+1 −1
@@ -148,7 +148,7 @@ static int ndr_read_int16(struct ndr *n, __u16 *value)
static int ndr_read_int32(struct ndr *n, __u32 *value)
{
	if (n->offset + sizeof(__u32) > n->length)
		return 0;
		return -EINVAL;

	if (value)
		*value = le32_to_cpu(*(__le32 *)ndr_get_field(n));
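Review bot: The new `-EINVAL` return only prevents use of an unwritten `*value` if every caller checks it, and nothing on the declaration enforces that. Since the pull message describes this as an uninitialized-memory fix, consider annotating the function so an ignored result is flagged at compile time: `static int __must_check ndr_read_int32(struct ndr *n, __u32 *value)`. The callers and the rest of the body are outside this hunk, so whether any call site currently ignores the result cannot be confirmed here. `ndr_read_int16`, named in the hunk header, presumably wants the same treatment.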
+0 −3
@@ -271,9 +271,6 @@ int init_smb3_11_server(struct ksmbd_conn *conn)
	if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES)
		conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING;

	if (conn->cipher_type)
		conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION;

	if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL)
		conn->vals->capabilities |= SMB2_GLOBAL_CAP_MULTI_CHANNEL;

+25 −4
@@ -915,6 +915,25 @@ static void decode_encrypt_ctxt(struct ksmbd_conn *conn,
	}
}

/**
 * smb3_encryption_negotiated() - checks if server and client agreed on enabling encryption
 * @conn:	smb connection
 *
 * Return:	true if connection should be encrypted, else false
 */
static bool smb3_encryption_negotiated(struct ksmbd_conn *conn)
{
	if (!conn->ops->generate_encryptionkey)
		return false;

	/*
	 * SMB 3.0 and 3.0.2 dialects use the SMB2_GLOBAL_CAP_ENCRYPTION flag.
	 * SMB 3.1.1 uses the cipher_type field.
	 */
	return (conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) ||
	    conn->cipher_type;
}

static void decode_compress_ctxt(struct ksmbd_conn *conn,
				 struct smb2_compression_capabilities_context *pneg_ctxt)
{
@@ -1469,8 +1488,7 @@ static int ntlm_authenticate(struct ksmbd_work *work)
		    (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED))
			sess->sign = true;

		if (conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION &&
		    conn->ops->generate_encryptionkey &&
		if (smb3_encryption_negotiated(conn) &&
		    !(req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) {
			rc = conn->ops->generate_encryptionkey(sess);
			if (rc) {
@@ -1559,8 +1577,7 @@ static int krb5_authenticate(struct ksmbd_work *work)
	    (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED))
		sess->sign = true;

	if ((conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) &&
	    conn->ops->generate_encryptionkey) {
	if (smb3_encryption_negotiated(conn)) {
		retval = conn->ops->generate_encryptionkey(sess);
		if (retval) {
			ksmbd_debug(SMB,
@@ -2962,6 +2979,10 @@ int smb2_open(struct ksmbd_work *work)
							    &pntsd_size, &fattr);
					posix_acl_release(fattr.cf_acls);
					posix_acl_release(fattr.cf_dacls);
					if (rc) {
						kfree(pntsd);
						goto err_out;
					}

					rc = ksmbd_vfs_set_sd_xattr(conn,
								    user_ns,
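Review bot: `smb3_encryption_negotiated()` in the first hunk treats any nonzero `conn->cipher_type` as agreement, so its kerneldoc claim that server and client agreed holds only if `cipher_type` is set exclusively when the server accepted a cipher and server policy permits encryption. That assignment happens in `decode_encrypt_ctxt()`, whose body is outside this hunk, so the invariant cannot be confirmed from here. I would state it in the comment, e.g. `* SMB 3.1.1 uses the cipher_type field, which must stay 0 unless the server selected a cipher.` Separately, `ntlm_authenticate()` skips key generation for `SMB2_SESSION_REQ_FLAG_BINDING` requests while `krb5_authenticate()` does not; it is worth confirming that the difference is intended.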