From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Pali Rohár" <pali@kernel.org>,
"Steve French" <stfrench@microsoft.com>,
"Sasha Levin" <sashal@kernel.org>,
sfrench@samba.org, linux-cifs@vger.kernel.org,
samba-technical@lists.samba.org
Subject: [PATCH AUTOSEL 6.13 29/34] cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode
Date: Mon, 14 Apr 2025 09:27:23 -0400 [thread overview]
Message-ID: <20250414132729.679254-29-sashal@kernel.org> (raw)
In-Reply-To: <20250414132729.679254-1-sashal@kernel.org>
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 16cb6b0509b65ac89187e9402e0b7a9ddf1765ef ]
Like in UNICODE mode, SMB1 Session Setup Kerberos Request contains oslm and
domain strings.
Extract common code into ascii_oslm_strings() and ascii_domain_string()
functions (similar to unicode variants) and use these functions in
non-UNICODE code path in sess_auth_kerberos().
Decision if non-UNICODE or UNICODE mode is used is based on the
SMBFLG2_UNICODE flag in Flags2 packed field, and not based on the
capabilities of server. Fix this check too.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/sess.c | 60 +++++++++++++++++++++++++++++---------------
1 file changed, 40 insertions(+), 20 deletions(-)
diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c
index faa80e7d54a6e..4ca00f14872a3 100644
--- a/fs/smb/client/sess.c
+++ b/fs/smb/client/sess.c
@@ -672,6 +672,22 @@ unicode_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp)
*pbcc_area = bcc_ptr;
}
+static void
+ascii_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp)
+{
+ char *bcc_ptr = *pbcc_area;
+
+ strcpy(bcc_ptr, "Linux version ");
+ bcc_ptr += strlen("Linux version ");
+ strcpy(bcc_ptr, init_utsname()->release);
+ bcc_ptr += strlen(init_utsname()->release) + 1;
+
+ strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
+ bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
+
+ *pbcc_area = bcc_ptr;
+}
+
static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses,
const struct nls_table *nls_cp)
{
@@ -696,6 +712,25 @@ static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses,
*pbcc_area = bcc_ptr;
}
+static void ascii_domain_string(char **pbcc_area, struct cifs_ses *ses,
+ const struct nls_table *nls_cp)
+{
+ char *bcc_ptr = *pbcc_area;
+ int len;
+
+ /* copy domain */
+ if (ses->domainName != NULL) {
+ len = strscpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
+ if (WARN_ON_ONCE(len < 0))
+ len = CIFS_MAX_DOMAINNAME_LEN - 1;
+ bcc_ptr += len;
+ } /* else we send a null domain name so server will default to its own domain */
+ *bcc_ptr = 0;
+ bcc_ptr++;
+
+ *pbcc_area = bcc_ptr;
+}
+
static void unicode_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
const struct nls_table *nls_cp)
{
@@ -741,25 +776,10 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
*bcc_ptr = 0;
bcc_ptr++; /* account for null termination */
- /* copy domain */
- if (ses->domainName != NULL) {
- len = strscpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
- if (WARN_ON_ONCE(len < 0))
- len = CIFS_MAX_DOMAINNAME_LEN - 1;
- bcc_ptr += len;
- } /* else we send a null domain name so server will default to its own domain */
- *bcc_ptr = 0;
- bcc_ptr++;
-
/* BB check for overflow here */
- strcpy(bcc_ptr, "Linux version ");
- bcc_ptr += strlen("Linux version ");
- strcpy(bcc_ptr, init_utsname()->release);
- bcc_ptr += strlen(init_utsname()->release) + 1;
-
- strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
- bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
+ ascii_domain_string(&bcc_ptr, ses, nls_cp);
+ ascii_oslm_strings(&bcc_ptr, nls_cp);
*pbcc_area = bcc_ptr;
}
@@ -1562,7 +1582,7 @@ sess_auth_kerberos(struct sess_data *sess_data)
sess_data->iov[1].iov_len = msg->secblob_len;
pSMB->req.SecurityBlobLength = cpu_to_le16(sess_data->iov[1].iov_len);
- if (ses->capabilities & CAP_UNICODE) {
+ if (pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) {
/* unicode strings must be word aligned */
if (!IS_ALIGNED(sess_data->iov[0].iov_len + sess_data->iov[1].iov_len, 2)) {
*bcc_ptr = 0;
@@ -1571,8 +1591,8 @@ sess_auth_kerberos(struct sess_data *sess_data)
unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp);
unicode_domain_string(&bcc_ptr, ses, sess_data->nls_cp);
} else {
- /* BB: is this right? */
- ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
+ ascii_oslm_strings(&bcc_ptr, sess_data->nls_cp);
+ ascii_domain_string(&bcc_ptr, ses, sess_data->nls_cp);
}
sess_data->iov[2].iov_len = (long) bcc_ptr -
--
2.39.5
next prev parent reply other threads:[~2025-04-14 13:28 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-14 13:26 [PATCH AUTOSEL 6.13 01/34] KVM: s390: Don't use %pK through tracepoints Sasha Levin
2025-04-14 13:26 ` [PATCH AUTOSEL 6.13 02/34] KVM: s390: Don't use %pK through debug printing Sasha Levin
2025-04-14 13:26 ` [PATCH AUTOSEL 6.13 03/34] udmabuf: fix a buf size overflow issue during udmabuf creation Sasha Levin
2025-04-14 13:26 ` [PATCH AUTOSEL 6.13 04/34] cgroup/cpuset: Don't allow creation of local partition over a remote one Sasha Levin
2025-04-14 13:26 ` [PATCH AUTOSEL 6.13 05/34] selftests: ublk: fix test_stripe_04 Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 06/34] perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 07/34] xen: Change xen-acpi-processor dom0 dependency Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 08/34] pwm: Let pwm_set_waveform() succeed even if lowlevel driver rounded up Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 09/34] pwm: axi-pwmgen: Let .round_waveform_tohw() signal when request was " Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 10/34] nvme: requeue namespace scan on missed AENs Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 11/34] ACPI: EC: Set ec_no_wakeup for Lenovo Go S Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 12/34] ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 13/34] drm/amdkfd: sriov doesn't support per queue reset Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 14/34] drm/amdgpu: Increase KIQ invalidate_tlbs timeout Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 15/34] drm/amdgpu: allow pinning DMA-bufs into VRAM if all importers can do P2P Sasha Levin
2025-04-14 13:48 ` [Linaro-mm-sig] " Alex Deucher
2025-04-27 23:59 ` Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 16/34] drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 17/34] nvme: re-read ANA log page after ns scan completes Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 18/34] nvme: multipath: fix return value of nvme_available_path Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 19/34] objtool: Stop UNRET validation on UD2 Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 20/34] gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 21/34] x86/xen: disable CPU idle and frequency drivers for PVH dom0 Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 22/34] selftests/mincore: Allow read-ahead pages to reach the end of the file Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 23/34] x86/bugs: Use SBPB in write_ibpb() if applicable Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 24/34] x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 25/34] x86/bugs: Don't fill RSB on context switch with eIBRS Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 26/34] nvmet-fc: take tgtport reference only once Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 27/34] nvmet-fc: put ref when assoc->del_work is already scheduled Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 28/34] net_sched: sch_sfq: use a temporary work area for validating configuration Sasha Levin
2025-04-14 13:27 ` Sasha Levin [this message]
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 30/34] timekeeping: Add a lockdep override in tick_freeze() Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 31/34] cifs: Fix querying of WSL CHR and BLK reparse points over SMB1 Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 32/34] net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 33/34] iommu: Clear iommu-dma ops on cleanup Sasha Levin
2025-04-14 13:27 ` [PATCH AUTOSEL 6.13 34/34] ext4: make block validity check resistent to sb bh corruption Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250414132729.679254-29-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pali@kernel.org \
--cc=samba-technical@lists.samba.org \
--cc=sfrench@samba.org \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.