From: Enzo Matsumiya <ematsumiya@suse.de>
To: linux-cifs@vger.kernel.org
Cc: smfrench@gmail.com, pc@cjr.nz, ronniesahlberg@gmail.com,
nspmangalore@gmail.com
Subject: [PATCH] cifs: verify signature only for valid responses
Date: Fri, 16 Sep 2022 23:07:04 -0300 [thread overview]
Message-ID: <20220917020704.25181-1-ematsumiya@suse.de> (raw)
The signature check will always fail for a response with SMB2
Status == STATUS_END_OF_FILE, so skip the verification of those.
Also, in async IO, it doesn't make sense to verify the signature
of an unsuccessful read (rdata->result != 0), as the data is
probably corrupt/inconsistent/incomplete. Verify only the responses
of successful reads.
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
---
fs/cifs/smb2pdu.c | 4 ++--
fs/cifs/smb2transport.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 6352ab32c7e7..9ae25ba909f5 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -4144,8 +4144,8 @@ smb2_readv_callback(struct mid_q_entry *mid)
case MID_RESPONSE_RECEIVED:
credits.value = le16_to_cpu(shdr->CreditRequest);
credits.instance = server->reconnect_instance;
- /* result already set, check signature */
- if (server->sign && !mid->decrypted) {
+ /* check signature only if read was successful */
+ if (server->sign && !mid->decrypted && rdata->result == 0) {
int rc;
rc = smb2_verify_signature(&rqst, server);
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index 1a5fc3314dbf..37c7ed2f1984 100644
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -668,6 +668,7 @@ smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
if ((shdr->Command == SMB2_NEGOTIATE) ||
(shdr->Command == SMB2_SESSION_SETUP) ||
(shdr->Command == SMB2_OPLOCK_BREAK) ||
+ (shdr->Status == STATUS_END_OF_FILE) ||
server->ignore_signature ||
(!server->session_estab))
return 0;
--
2.35.3
next reply other threads:[~2022-09-17 2:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-17 2:07 Enzo Matsumiya [this message]
2022-09-17 14:24 ` [PATCH] cifs: verify signature only for valid responses Tom Talpey
2022-09-17 16:28 ` Enzo Matsumiya
2022-09-17 16:52 ` Enzo Matsumiya
2022-09-18 0:10 ` Tom Talpey
2022-09-19 0:21 ` Enzo Matsumiya
2022-09-19 15:15 ` Enzo Matsumiya
2022-09-20 19:04 ` Tom Talpey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220917020704.25181-1-ematsumiya@suse.de \
--to=ematsumiya@suse.de \
--cc=linux-cifs@vger.kernel.org \
--cc=nspmangalore@gmail.com \
--cc=pc@cjr.nz \
--cc=ronniesahlberg@gmail.com \
--cc=smfrench@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox