[PATCH] Reuse of nonces patch breaks SMB3.0 connections without encryption.

Jeremy Allison jra at samba.org
Wed Jun 17 12:15:50 MDT 2015


On Wed, Jun 17, 2015 at 08:43:13AM +0200, Stefan (metze) Metzmacher wrote:
> > +++ b/source3/smbd/smb2_server.c
> > @@ -1465,6 +1465,10 @@ static NTSTATUS smb2_get_new_nonce(struct smbXsrv_session *session,
> >  	uint64_t nonce_high;
> >  	uint64_t nonce_low;
> >  
> > +	if (session->nonce_high_max == 0) {
> > +		return NT_STATUS_ENCRYPTION_FAILED;
> > +	}
> > +
> 
> We don't need that, we already have
> 
>         if (session->nonce_high >= session->nonce_high_max) {
>                 return NT_STATUS_ENCRYPTION_FAILED;
>         }
> 
> Which will trigger if session->nonce_high_max is 0.

OK, got it.

> >  	session->nonce_low += 1;
> >  	if (session->nonce_low == 0) {
> >  		session->nonce_low += 1;
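
Review bot: The added `session->nonce_high_max == 0` test at the top of smb2_get_new_nonce() duplicates the existing `session->nonce_high >= session->nonce_high_max` check quoted in the reply, which, as the reply points out, already returns NT_STATUS_ENCRYPTION_FAILED when nonce_high_max is 0. I would drop the new block and instead put a short comment on the existing comparison saying that it also covers sessions set up without an encryption cipher, so that a later cleanup of that comparison does not remove the only guard against handing out nonces for such a session.
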
> > diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
> > index 3e80da8..da7adb3 100644
> > --- a/source3/smbd/smb2_sesssetup.c
> > +++ b/source3/smbd/smb2_sesssetup.c
> > @@ -372,8 +372,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
> >  			nonce_size = AES_GCM_128_IV_SIZE;
> >  			break;
> >  		default:
> > -			ZERO_STRUCT(session_key);
> > -			return NT_STATUS_INVALID_PARAMETER;
> > +			nonce_size = 0;
> > +			break;
> >  		}
> >  		x->nonce_high_max = SMB2_NONCE_HIGH_MAX(nonce_size);
> >  		x->nonce_high = 0;
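
Review bot: In the default: branch, `nonce_size = 0; break;` now accepts every value the earlier cases do not handle, not only the no-encryption case named in the subject line, where the removed lines rejected such values with NT_STATUS_INVALID_PARAMETER and cleared session_key. Consider an explicit case for the no-encryption value that sets nonce_size = 0 while default: stays the rejecting path, and add a comment that a nonce_size of 0 is meant to make `SMB2_NONCE_HIGH_MAX(nonce_size)` produce a nonce_high_max on which smb2_get_new_nonce() refuses to issue nonces.
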
> 
> That looks good.

Pushed - thanks!

