Signature check for LOGOFF response
Tom Talpey
tom at talpey.com
Thu Mar 24 18:48:22 UTC 2022
On 3/24/2022 12:23 PM, Jeremy Allison wrote:
> On Thu, Mar 24, 2022 at 11:04:30AM -0400, Tom Talpey wrote:
>> On 3/23/2022 1:29 PM, Enzo Matsumiya wrote:
>>> Hi Tom,
>>>
>>> On 03/19, Tom Talpey wrote:
>>>> What server is returning this unsigned response? Assuming it's Windows,
>>>> that is either a doc bug or (arguably) a server bug, and should be
>>>> reported before deciding how to address it here.
>>>
>>> It's a NetApp ONTAP 9.5P13. We've identified it's also setting wrong
>>> signatures on READ responses with STATUS_END_OF_FILE.
>>>
>>> Our tests against Windows Server 2019 showed it to behave ok, so it
>>> looks like something on NetApp side.
>>
>> In this case I don't think it is appropriate to apply the suggested
>> patch. Allowing unsigned or invalidly signed responses will greatly
>> reduce security. I'll be interested if NetApp provides any information.
>
> Welcome to our world :-). Doing:
>
> git log|grep -i NetApp|wc -l
>
> shows 32 instances (some are commit messages with NetApp in
> them two or more times so the number is probably a little
> smaller than 32) of commits in Samba especially to
> deal with NetApp bugs :-).
>
> That's a lot of client bugfixes :-).
Well, it could be argued that this is prolonging the bad behavior.
The NFS client maintainer's approach is the opposite - if the server
is violating the protocol, he holds the line and will not change
the client. I know, I know, it's all in how each person sees it. :)
Tom.
More information about the samba-technical
mailing list