Merge tag 'v7.0-rc1-ksmbd-server-fixes' of git://git.samba.org/ksmbd

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull smb server fixes from Steve French:

- auth security improvement

- fix potential buffer overflow in smbdirect negotiation

* tag 'v7.0-rc1-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
ksmbd: Compare MACs in constant time

Linus Torvalds 3 months ago a75cb869 69062f23

+9 -5

4 changed files

expand all

smb

server

Kconfig

auth.c

smb2pdu.c

transport_rdma.c

fs/smb/server/Kconfig

··· 13 13 select CRYPTO_LIB_MD5 14 14 select CRYPTO_LIB_SHA256 15 15 select CRYPTO_LIB_SHA512 16 + select CRYPTO_LIB_UTILS 16 17 select CRYPTO_CMAC 17 18 select CRYPTO_AEAD2 18 19 select CRYPTO_CCM

+3 -1

fs/smb/server/auth.c

··· 15 15 #include <crypto/aead.h> 16 16 #include <crypto/md5.h> 17 17 #include <crypto/sha2.h> 18 + #include <crypto/utils.h> 18 19 #include <linux/random.h> 19 20 #include <linux/scatterlist.h> 20 21 ··· 166 165 ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE, 167 166 sess->sess_key); 168 167 169 - if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0) 168 + if (crypto_memneq(ntlmv2->ntlmv2_hash, ntlmv2_rsp, 169 + CIFS_HMAC_MD5_HASH_SIZE)) 170 170 return -EINVAL; 171 171 return 0; 172 172 }

+3 -2

fs/smb/server/smb2pdu.c

··· 4 4 * Copyright (C) 2018 Samsung Electronics Co., Ltd. 5 5 */ 6 6 7 + #include <crypto/utils.h> 7 8 #include <linux/inetdevice.h> 8 9 #include <net/addrconf.h> 9 10 #include <linux/syscalls.h> ··· 8881 8880 ksmbd_sign_smb2_pdu(work->conn, work->sess->sess_key, iov, 1, 8882 8881 signature); 8883 8882 8884 - if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) { 8883 + if (crypto_memneq(signature, signature_req, SMB2_SIGNATURE_SIZE)) { 8885 8884 pr_err("bad smb2 signature\n"); 8886 8885 return 0; 8887 8886 } ··· 8969 8968 if (ksmbd_sign_smb3_pdu(conn, signing_key, iov, 1, signature)) 8970 8969 return 0; 8971 8970 8972 - if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) { 8971 + if (crypto_memneq(signature, signature_req, SMB2_SIGNATURE_SIZE)) { 8973 8972 pr_err("bad smb2 signature\n"); 8974 8973 return 0; 8975 8974 }

+2 -2

fs/smb/server/transport_rdma.c

··· 2540 2540 goto put; 2541 2541 2542 2542 req = (struct smbdirect_negotiate_req *)recvmsg->packet; 2543 - sp->max_recv_size = min_t(int, sp->max_recv_size, 2543 + sp->max_recv_size = min_t(u32, sp->max_recv_size, 2544 2544 le32_to_cpu(req->preferred_send_size)); 2545 - sp->max_send_size = min_t(int, sp->max_send_size, 2545 + sp->max_send_size = min_t(u32, sp->max_send_size, 2546 2546 le32_to_cpu(req->max_receive_size)); 2547 2547 sp->max_fragmented_send_size = 2548 2548 le32_to_cpu(req->max_fragmented_size);

Configure Feed

Configure Feed