[PATCH] Reuse of nonces patch breaks SMB3.0 connections without encryption.

Jeremy Allison jra at samba.org
Tue Jun 16 17:46:05 MDT 2015


On Tue, Jun 16, 2015 at 07:30:09PM -0400, Simo Sorce wrote:
> > The previous code generated the nonce and did not
> > look at xconn->smb2.server.cipher, meaning in the
> > non-encrypted case where xconn->smb2.server.cipher == 0
> > the nonce was ignored.
> > 
> > Now if a client negotiates >= PROTOCOL_SMB2_24
> > but doesn't negotiate encryption (i.e. xconn->smb2.server.cipher == 0)
> > we run smack into the default case and return
> > NT_STATUS_INVALID_PARAMETER and the client
> > sessionsetup fails.
> > 
> > The only place the nonces are actually used is
> > in smb2_get_new_nonce(), which is only used in
> > two places:
> > 
> > 1). smbd_smb2_request_reply() when req->do_encryption == true.
> > 2). smbd_smb2_send_break() when session->global->encryption_required == true
> > or tcon->global->encryption_required == true.
> > 
> > Now req->do_encryption is set to true if
> > a header of size SMB2_TF_HDR_SIZE is sent, so
> > this might get set at any time by a client
> > request, even if the client didn't negotiate
> > encryption.
> > 
> > So I think the correct fix to protect all
> > code paths is in the case where xconn->smb2.server.cipher
> > is unknown (the default: case) is to set x->nonce_high_max = 0,
> > and then add a check inside smb2_get_new_nonce() to
> > return NT_STATUS_ENCRYPTION_FAILED if
> > x->nonce_high_max == 0.
> > 
> > Patch to do this attached. Please check.
> > 
> > FYI. This bug was found by Codenomicon at
> > the plugfest.
> > 
> > Cheers,
> > 
> > 	Jeremy.
> 
> The patch looks ok, but let me think about it some.

Don't worry, this took me a *LONG* time to figure
out it was safe, so please take your time :-) :-).


More information about the samba-technical mailing list