[PATCH] Reuse of nonces patch breaks SMB3.0 connections without encryption.
Jeremy Allison
jra at samba.org
Wed Jun 17 12:15:50 MDT 2015
On Wed, Jun 17, 2015 at 08:43:13AM +0200, Stefan (metze) Metzmacher wrote:
> > +++ b/source3/smbd/smb2_server.c
> > @@ -1465,6 +1465,10 @@ static NTSTATUS smb2_get_new_nonce(struct smbXsrv_session *session,
> > uint64_t nonce_high;
> > uint64_t nonce_low;
> >
> > + if (session->nonce_high_max == 0) {
> > + return NT_STATUS_ENCRYPTION_FAILED;
> > + }
> > +
>
> We don't need that we already have
>
> if (session->nonce_high >= session->nonce_high_max) {
> return NT_STATUS_ENCRYPTION_FAILED;
> }
>
> Which will trigger if session->nonce_high_max is 0.
OK, got it.
> > session->nonce_low += 1;
> > if (session->nonce_low == 0) {
> > session->nonce_low += 1;
> > diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
> > index 3e80da8..da7adb3 100644
> > --- a/source3/smbd/smb2_sesssetup.c
> > +++ b/source3/smbd/smb2_sesssetup.c
> > @@ -372,8 +372,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
> > nonce_size = AES_GCM_128_IV_SIZE;
> > break;
> > default:
> > - ZERO_STRUCT(session_key);
> > - return NT_STATUS_INVALID_PARAMETER;
> > + nonce_size = 0;
> > + break;
> > }
> > x->nonce_high_max = SMB2_NONCE_HIGH_MAX(nonce_size);
> > x->nonce_high = 0;
>
> That look good.
Pushed - thanks !
More information about the samba-technical
mailing list