Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag '5.16-rc5-ksmbd-fixes' of git://git.samba.org/ksmbd

Pull ksmbd fixes from Steve French:
"Three ksmbd fixes, all for stable as well.

Two fix potential uninitialized memory and one fixes a security problem
where encryption is unintentionally disabled from some clients"

* tag '5.16-rc5-ksmbd-fixes' of git://git.samba.org/ksmbd:
ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
ksmbd: fix uninitialized symbol 'pntsd_size'
ksmbd: fix error code in ndr_read_int32()

+26 -8
+1 -1
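--- a/fs/ksmbd/ndr.c
+++ b/fs/ksmbd/ndr.c
@@ -148,7 +148,7 @@
 static int ndr_read_int32(struct ndr *n, __u32 *value)
 {
 	if (n->offset + sizeof(__u32) > n->length)
-		return 0;
+		return -EINVAL;
 
 	if (value)
 		*value = le32_to_cpu(*(__le32 *)ndr_get_field(n));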
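Review bot: The bounds test `n->offset + sizeof(__u32) > n->length` adds before it compares, so it is only sound if `offset` can never get close enough to its type's maximum to wrap; the field types are not visible in this section. If `offset` is derived from parsed input, the subtraction form avoids the question: `if (n->length < sizeof(__u32) || n->offset > n->length - sizeof(__u32)) return -EINVAL;`. With the new `-EINVAL` return, `*value` stays unwritten on the short-buffer path, so callers must test the result before reading it; a one-line comment above the function would make that contract explicit, e.g. `/* Returns 0 on success, -EINVAL if fewer than 4 bytes remain; *value is untouched on error. */`. The function body continues outside the hunk.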
-3
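--- a/fs/ksmbd/smb2ops.c
+++ b/fs/ksmbd/smb2ops.c
@@ -271,9 +271,6 @@
 	if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_LEASES)
 		conn->vals->capabilities |= SMB2_GLOBAL_CAP_LEASING;
 
-	if (conn->cipher_type)
-		conn->vals->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION;
-
 	if (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL)
 		conn->vals->capabilities |= SMB2_GLOBAL_CAP_MULTI_CHANNEL;
 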
+25 -4
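--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -915,6 +915,25 @@
 	}
 }
 
+/**
+ * smb3_encryption_negotiated() - checks if server and client agreed on enabling encryption
+ * @conn: smb connection
+ *
+ * Return: true if connection should be encrypted, else false
+ */
+static bool smb3_encryption_negotiated(struct ksmbd_conn *conn)
+{
+	if (!conn->ops->generate_encryptionkey)
+		return false;
+
+	/*
+	 * SMB 3.0 and 3.0.2 dialects use the SMB2_GLOBAL_CAP_ENCRYPTION flag.
+	 * SMB 3.1.1 uses the cipher_type field.
+	 */
+	return (conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) ||
+		conn->cipher_type;
+}
+
 static void decode_compress_ctxt(struct ksmbd_conn *conn,
 		struct smb2_compression_capabilities_context *pneg_ctxt)
 {
@@ -1469,8 +1488,7 @@
 		(req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED))
 		sess->sign = true;
 
-	if (conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION &&
-		conn->ops->generate_encryptionkey &&
+	if (smb3_encryption_negotiated(conn) &&
 		!(req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) {
 		rc = conn->ops->generate_encryptionkey(sess);
 		if (rc) {
@@ -1559,8 +1577,7 @@
 		(req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED))
 		sess->sign = true;
 
-	if ((conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) &&
-		conn->ops->generate_encryptionkey) {
+	if (smb3_encryption_negotiated(conn)) {
 		retval = conn->ops->generate_encryptionkey(sess);
 		if (retval) {
 			ksmbd_debug(SMB,
@@ -2962,6 +2979,10 @@
 		&pntsd_size, &fattr);
 	posix_acl_release(fattr.cf_acls);
 	posix_acl_release(fattr.cf_dacls);
+	if (rc) {
+		kfree(pntsd);
+		goto err_out;
+	}
 
 	rc = ksmbd_vfs_set_sd_xattr(conn,
 		user_ns,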
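Review bot: `smb3_encryption_negotiated()` never looks at the dialect, so its result is only correct while two conditions maintained elsewhere hold: connections that negotiate via `cipher_type` do not also carry `SMB2_GLOBAL_CAP_ENCRYPTION` in `conn->vals->capabilities` (the assignment the smb2ops.c section removes, which per the commit title is the 3.1.1 setup), and `conn->cipher_type` stays zero unless a cipher was actually accepted during negotiate. Neither is visible in this section, so the in-function comment should state the dependency, e.g. `/* Relies on cipher_type == 0 when no cipher was negotiated; the 3.1.1 setup no longer sets SMB2_GLOBAL_CAP_ENCRYPTION. */`. Both session-setup call sites skip key generation without any log when the helper returns false. Their enclosing functions start and end outside the hunks shown, so whether a require-encryption policy is enforced afterwards cannot be confirmed from here.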