[PATCH 5.18 133/231] smb3: workaround negprot bug in some Samba servers

From: Greg Kroah-Hartman
Date: Tue Jul 19 2022 - 09:03:53 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.18 140/231] net: atlantic: remove deep parameter on suspend/resume functions"
Previous message: Greg Kroah-Hartman: "[PATCH 5.18 131/231] drm/amd/pm: Prevent divide by zero"
In reply to: Greg Kroah-Hartman: "[PATCH 5.18 131/231] drm/amd/pm: Prevent divide by zero"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.18 140/231] net: atlantic: remove deep parameter on suspend/resume functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Steve French <stfrench@xxxxxxxxxxxxx>

[ Upstream commit 32f319183c439b239294cb2d70ada3564c4c7c39 ]

Mount can now fail to older Samba servers due to a server
bug handling padding at the end of the last negotiate
context (negotiate contexts typically are rounded up to 8
bytes by adding padding if needed). This server bug can
be avoided by switching the order of negotiate contexts,
placing a negotiate context at the end that does not
require padding (prior to the recent netname context fix
this was the case on the client).

Fixes: 73130a7b1ac9 ("smb3: fix empty netname context on secondary channels")
Reported-by: Julian Sikorski <belegdol@xxxxxxxxx>
Tested-by: Julian Sikorski <belegdol+github@xxxxxxxxx>
Reviewed-by: Shyam Prasad N <sprasad@xxxxxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
fs/cifs/smb2pdu.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 6a8a00f28b19..2e6c0f4d8449 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -571,10 +571,6 @@ assemble_neg_contexts(struct smb2_negotiate_req *req,
*total_len += ctxt_len;
pneg_ctxt += ctxt_len;

- build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
- *total_len += sizeof(struct smb2_posix_neg_context);
- pneg_ctxt += sizeof(struct smb2_posix_neg_context);
-
/*
* secondary channels don't have the hostname field populated
* use the hostname field in the primary channel instead
@@ -586,9 +582,14 @@ assemble_neg_contexts(struct smb2_negotiate_req *req,
hostname);
*total_len += ctxt_len;
pneg_ctxt += ctxt_len;
- neg_context_count = 4;
- } else /* second channels do not have a hostname */
neg_context_count = 3;
+ } else
+ neg_context_count = 2;
+
+ build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
+ *total_len += sizeof(struct smb2_posix_neg_context);
+ pneg_ctxt += sizeof(struct smb2_posix_neg_context);
+ neg_context_count++;

if (server->compress_algorithm) {
build_compression_ctxt((struct smb2_compression_capabilities_context *)
--
2.35.1

Next message: Greg Kroah-Hartman: "[PATCH 5.18 140/231] net: atlantic: remove deep parameter on suspend/resume functions"
Previous message: Greg Kroah-Hartman: "[PATCH 5.18 131/231] drm/amd/pm: Prevent divide by zero"
In reply to: Greg Kroah-Hartman: "[PATCH 5.18 131/231] drm/amd/pm: Prevent divide by zero"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.18 140/231] net: atlantic: remove deep parameter on suspend/resume functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]