[cifs-protocol] [MS-SMB2] Clarification regarding client handling of invalid DataLength of SMB2_ENCRYPTION_CAPABILITIES negotiate context [119030119723829]

Philipp Gesang philipp.gesang at intra2net.com
Tue Mar 5 07:39:12 UTC 2019

Hi Obaid,

thanks for investigating this.

-<| Quoting Obaid Farooqi <obaidf at microsoft.com>, on Monday, 2019-03-04 04:51:51 PM |>-
> Do you by chance have a network traces of this issue?

Yes but due to confidentiality reasons I can’t share them as
such. If you still have specific questions about those traces, I
will try and answer them.

-<| Quoting Obaid Farooqi <obaidf at microsoft.com>, on Tuesday, 2019-03-05 12:44:35 AM |>-
> The processing of the SMB2_ENCRYPTION_CAPABILITIES is defined
> in section in MS-SMB2. 
> As far as the length of the context in the DataLength field is
> concerned, the client performs the following check:
> If DataLength is < size of SMB2_ENCRYPTION_CAPABILITIES,
> 		then return error to the application.

That indeed explains the behavior we observed.

> I'll file a bug against the MS-SMB2 document to add this step
> in the processing steps for negotiate context for

Thank you for the clarification, as far as I am concerned this
resolves the issue.
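
As an added illustration that is not part of this thread and not Samba, Linux cifs or Microsoft code, here is a small C parser for a single SMB2_ENCRYPTION_CAPABILITIES negotiate context that applies the DataLength check described above before it reads anything from the Data field. It assumes the wire layout from MS-SMB2 2.2.3.1 and 2.2.3.1.2 (ContextType, DataLength, Reserved, then CipherCount followed by CipherCount 16-bit cipher IDs) and takes "size of SMB2_ENCRYPTION_CAPABILITIES" to mean the 4-byte minimum of CipherCount plus one cipher entry; that minimum constant, the status codes, the helper names and the two sample contexts are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Negotiate context header (MS-SMB2 2.2.3.1):
 * ContextType(2) DataLength(2) Reserved(4) Data(DataLength bytes), little-endian. */
#define SMB2_NEG_CTX_HDR_LEN 8
#define SMB2_ENCRYPTION_CAPABILITIES 0x0002

/* Cipher IDs carried in the Ciphers array (MS-SMB2 2.2.3.1.2). */
#define SMB2_ENCRYPTION_AES128_CCM 0x0001
#define SMB2_ENCRYPTION_AES128_GCM 0x0002

/* Assumption of this example: the "size of SMB2_ENCRYPTION_CAPABILITIES" in the
 * client check is the smallest well-formed body, CipherCount(2) plus one cipher(2). */
#define SMB2_ENC_CAPS_MIN_LEN 4

#define SMB2_MAX_CIPHERS 16 /* example bound, not a protocol constant */

enum smb2_ctx_status {
    SMB2_CTX_OK = 0,
    SMB2_CTX_ERR_SHORT_HEADER,   /* fewer than 8 bytes available for the header */
    SMB2_CTX_ERR_WRONG_TYPE,     /* ContextType is not SMB2_ENCRYPTION_CAPABILITIES */
    SMB2_CTX_ERR_DATA_TOO_SHORT, /* DataLength < size of SMB2_ENCRYPTION_CAPABILITIES */
    SMB2_CTX_ERR_DATA_OVERRUNS,  /* DataLength claims more bytes than were received */
    SMB2_CTX_ERR_CIPHER_COUNT    /* CipherCount is 0, too large, or exceeds DataLength */
};

struct smb2_enc_caps {
    uint16_t cipher_count;
    uint16_t ciphers[SMB2_MAX_CIPHERS];
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse one context starting at buf; out may be NULL to validate only. */
enum smb2_ctx_status parse_encryption_caps(const uint8_t *buf, size_t len,
                                           struct smb2_enc_caps *out)
{
    if (len < SMB2_NEG_CTX_HDR_LEN) return SMB2_CTX_ERR_SHORT_HEADER;
    uint16_t type = le16(buf);
    uint16_t data_len = le16(buf + 2);
    if (type != SMB2_ENCRYPTION_CAPABILITIES) return SMB2_CTX_ERR_WRONG_TYPE;
    /* The check from the thread: reject before touching Data at all. */
    if (data_len < SMB2_ENC_CAPS_MIN_LEN) return SMB2_CTX_ERR_DATA_TOO_SHORT;
    /* Never trust DataLength beyond what the packet actually carries. */
    if ((size_t)data_len > len - SMB2_NEG_CTX_HDR_LEN) return SMB2_CTX_ERR_DATA_OVERRUNS;

    const uint8_t *data = buf + SMB2_NEG_CTX_HDR_LEN;
    uint16_t count = le16(data);
    if (count == 0 || count > SMB2_MAX_CIPHERS) return SMB2_CTX_ERR_CIPHER_COUNT;
    if ((size_t)2 + (size_t)2 * count > data_len) return SMB2_CTX_ERR_CIPHER_COUNT;

    if (out) {
        out->cipher_count = count;
        for (uint16_t i = 0; i < count; i++) out->ciphers[i] = le16(data + 2 + 2 * i);
    }
    return SMB2_CTX_OK;
}

/* First advertised cipher, or -1 if the context does not parse. */
int first_cipher(const uint8_t *buf, size_t len)
{
    struct smb2_enc_caps caps;
    if (parse_encryption_caps(buf, len, &caps) != SMB2_CTX_OK) return -1;
    return caps.ciphers[0];
}

/* Constructed sample: well-formed context advertising AES-128-GCM then AES-128-CCM. */
const uint8_t good_ctx[] = {
    0x02, 0x00,             /* ContextType = SMB2_ENCRYPTION_CAPABILITIES */
    0x06, 0x00,             /* DataLength = 6 */
    0x00, 0x00, 0x00, 0x00, /* Reserved */
    0x02, 0x00,             /* CipherCount = 2 */
    0x02, 0x00,             /* AES-128-GCM */
    0x01, 0x00              /* AES-128-CCM */
};

/* Constructed sample: DataLength = 2, room for CipherCount only and no cipher.
 * This is the invalid-DataLength case the thread is about. */
const uint8_t short_ctx[] = {
    0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x00
};

int main(void)
{
    printf("good:      status %d, first cipher 0x%04x\n",
           parse_encryption_caps(good_ctx, sizeof good_ctx, NULL),
           first_cipher(good_ctx, sizeof good_ctx));
    printf("short:     status %d\n", parse_encryption_caps(short_ctx, sizeof short_ctx, NULL));
    /* Same bytes as good_ctx, but pretend only 12 bytes arrived: DataLength overruns. */
    printf("truncated: status %d\n", parse_encryption_caps(good_ctx, 12, NULL));
    return 0;
}
```

The parser handles one context; a real NEGOTIATE request carries NegotiateContextCount contexts, each padded to an 8-byte boundary, so a caller walking the list also has to apply the overrun check to each padded stride before moving on. The order of the checks matters: DataLength is compared against the minimum size and against the received length before any Data byte is read, so a client built this way fails the request with an error rather than reading past the context.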

