[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Sun Mar 31 01:12:03 UTC 2019


The branch, master has been updated
       via  865b7b0c7d2 libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response
      from  f9ee6b67e0c doc: add missing "samba-tool ou" entry

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 865b7b0c7d2ba7fa0a045586d1e83a72028a0864
Author: Philipp Gesang <philipp.gesang at intra2net.com>
Date:   Thu Feb 14 10:17:28 2019 +0100

    libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response
    
    Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES
    structures containing a DataLength field that includes the padding
    [0]. Microsoft has since clarified that only values smaller than
    the size are considered invalid [1].
    
    While parsing the NegotiateContext it is ensured that DataLength
    does not exceed the message bounds. Also, the value is not
    actually used anywhere outside the validation. Thus values
    greater than the actual data size are safe to use. This patch
    makes Samba fail only on values that are too small for the (fixed
    size) payload.
    
    [0] https://lists.samba.org/archive/samba/2019-February/221139.html
    [1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869
    
    Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
    Reviewed-by: Ralph Böhme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smbXcli_base.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index d12e63902d9..211539403d4 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -5062,7 +5062,7 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
 			return;
 		}
 
-		if (cipher->data.length != (2 + 2 * cipher_count)) {
+		if (cipher->data.length < (2 + 2 * cipher_count)) {
 			tevent_req_nterror(req,
 					NT_STATUS_INVALID_NETWORK_RESPONSE);
 			return;


-- 
Samba Shared Repository


