[SRU][Trusty][PATCH 0/1] SMB3: Validate negotiate request must always be signed


[SRU][Trusty][PATCH 0/1] SMB3: Validate negotiate request must always be signed

Joseph Salisbury-3
BugLink: http://bugs.launchpad.net/bugs/1729337

== SRU Justification ==
A regression was introduced in all Ubuntu kernels.  The regression was
introduced in 3.13.0-135 for Trusty.  The 3.13.0-133 kernel did not exhibit the bug.  
It was found that the regression is fixed by mainline commit:
4587eee04e2a ("SMB3: Validate negotiate request must always be signed").

This fix is required in all Ubuntu supported releases.  Commit 4587eee04e2a
landed in mainline as of 4.14-rc7.  It was also cc'd to upstream stable.  Upstream
3.13 is EOL, which is the reason for this SRU request.

== Fix ==
commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd
Author: Steve French <[hidden email]>
Date:   Wed Oct 25 15:58:31 2017 -0500
    SMB3: Validate negotiate request must always be signed

== Regression Potential ==
This patch is to fix a regression.  It was also cc'd to upstream stable, so
it received additional review upstream.

== Test Case ==
A test kernel was built with this patch and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.


Steve French (1):
  SMB3: Validate negotiate request must always be signed

 fs/cifs/smb2pdu.c | 3 +++
 1 file changed, 3 insertions(+)

--
2.7.4


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

[SRU][Trusty][PATCH 1/1] SMB3: Validate negotiate request must always be signed

Joseph Salisbury-3
From: Steve French <[hidden email]>

BugLink: http://bugs.launchpad.net/bugs/1729337

According to MS-SMB2 3.2.55 validate_negotiate request must
always be signed. Some Windows can fail the request if you send it unsigned

See kernel bugzilla bug 197311

CC: Stable <[hidden email]>
Acked-by: Ronnie Sahlberg <lsahlber.redhat.com>
Signed-off-by: Steve French <[hidden email]>
(back ported from commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd)
Signed-off-by: Joseph Salisbury <[hidden email]>
---
 fs/cifs/smb2pdu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 1b84dae..07883c5 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1299,6 +1299,9 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
  } else
  iov[0].iov_len = get_rfc1002_length(req) + 4;
 
+ /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
+ if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)
+ req->hdr.Flags |= SMB2_FLAGS_SIGNED;
 
  rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0);
  rsp = (struct smb2_ioctl_rsp *)iov[0].iov_base;
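
Review bot: the `req->hdr.Flags |= SMB2_FLAGS_SIGNED` assignment is unconditional for FSCTL_VALIDATE_NEGOTIATE_INFO, and nothing in the hunk checks that the session `ses` is actually able to sign. Please confirm that in this backported tree the send path under SendReceive2 signs the request whenever the header flag is set, and state what happens when it cannot, ideally with a check or a comment at this spot. Separately, the added comment cites MS-SMB2 3.2.5.5 while the commit message says 3.2.55; the two references should agree.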
--
2.7.4



Re: [SRU][Trusty][PATCH 0/1] SMB3: Validate negotiate request must always be signed

Kleber Souza
In reply to this post by Joseph Salisbury-3
On 11/03/17 17:49, Joseph Salisbury wrote:
> BugLink: http://bugs.launchpad.net/bugs/1729337
>
> == SRU Justification ==
> A regression was introduced in all Ubuntu kernels.  The regression was
> introduced in 3.13.0-135 for Trusty.  The 3.13.0-133 kernel did not exhibit the bug.  
> It was found that the regression is fixed by mainline commit:
> 4587eee04e2a ("SMB3: Validate negotiate request must always be signed").

Hi Joseph,

It's strange that reverting to 3.13.0-133 fixed the issue since there
wasn't any cifs related change from 3.13.0-133 to 3.13.0-135. Also, on
kernel bugzilla 197311 it's mentioned that this was introduced by
0603c96f upstream ("SMB: Validate negotiate (to protect against
downgrade) even if signing off"), which was not backported for Trusty,
but was for Xenial and Artful (which makes me also wonder if the other
patch is really needed for Zesty).


Kleber

>
> This fix is required in all Ubuntu supported releases.  Commit 4587eee04e2a
> landed in mainline as of 4.14-rc7.  It was also cc'd to upstream stable.  Upstream
> 3.13 is EOL, which is the reason for this SRU request.
>
> == Fix ==
> commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd
> Author: Steve French <[hidden email]>
> Date:   Wed Oct 25 15:58:31 2017 -0500
>     SMB3: Validate negotiate request must always be signed
>
> == Regression Potential ==
> This patch is to fix a regression.  It was also cc'd to upstream stable, so
> it received additional review upstream.
>
> == Test Case ==
> A test kernel was built with this patch and tested by the original bug reporter.
> The bug reporter states the test kernel resolved the bug.
>
>
> Steve French (1):
>   SMB3: Validate negotiate request must always be signed
>
>  fs/cifs/smb2pdu.c | 3 +++
>  1 file changed, 3 insertions(+)
>


Re: [SRU][Trusty][PATCH 0/1] SMB3: Validate negotiate request must always be signed

Joseph Salisbury-3
On 11/14/2017 12:37 PM, Kleber Souza wrote:

> On 11/03/17 17:49, Joseph Salisbury wrote:
>> BugLink: http://bugs.launchpad.net/bugs/1729337
>>
>> == SRU Justification ==
>> A regression was introduced in all Ubuntu kernels.  The regression was
>> introduced in 3.13.0-135 for Trusty.  The 3.13.0-133 kernel did not exhibit the bug.  
>> It was found that the regression is fixed by mainline commit:
>> 4587eee04e2a ("SMB3: Validate negotiate request must always be signed").
> Hi Joseph,
>
> It's strange that reverting to 3.13.0-133 fixed the issue since there
> wasn't any cifs related change from 3.13.0-133 to 3.13.0-135. Also, on
> kernel bugzilla 197311 it's mentioned that this was introduced by
> 0603c96f upstream ("SMB: Validate negotiate (to protect against
> downgrade) even if signing off"), which was not backported for Trusty,
> but was for Xenial and Artful (which makes me also wonder if the other
> patch is really needed for Zesty).
Thanks for the review.  I'll confirm whether this commit is really
needed for Trusty or not.  If it isn't, I'll NAK the SRU request. 

>
>
> Kleber
>
>> This fix is required in all Ubuntu supported releases.  Commit 4587eee04e2a
>> landed in mainline as of 4.14-rc7.  It was also cc'd to upstream stable.  Upstream
>> 3.13 is EOL, which is the reason for this SRU request.
>>
>> == Fix ==
>> commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd
>> Author: Steve French <[hidden email]>
>> Date:   Wed Oct 25 15:58:31 2017 -0500
>>     SMB3: Validate negotiate request must always be signed
>>
>> == Regression Potential ==
>> This patch is to fix a regression.  It was also cc'd to upstream stable, so
>> it received additional review upstream.
>>
>> == Test Case ==
>> A test kernel was built with this patch and tested by the original bug reporter.
>> The bug reporter states the test kernel resolved the bug.
>>
>>
>> Steve French (1):
>>   SMB3: Validate negotiate request must always be signed
>>
>>  fs/cifs/smb2pdu.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>



Re: [SRU][Trusty][PATCH 0/1] SMB3: Validate negotiate request must always be signed

Joseph Salisbury-3
In reply to this post by Kleber Souza
On 11/14/2017 12:37 PM, Kleber Souza wrote:

> On 11/03/17 17:49, Joseph Salisbury wrote:
>> BugLink: http://bugs.launchpad.net/bugs/1729337
>>
>> == SRU Justification ==
>> A regression was introduced in all Ubuntu kernels.  The regression was
>> introduced in 3.13.0-135 for Trusty.  The 3.13.0-133 kernel did not exhibit the bug.  
>> It was found that the regression is fixed by mainline commit:
>> 4587eee04e2a ("SMB3: Validate negotiate request must always be signed").
> Hi Joseph,
>
> It's strange that reverting to 3.13.0-133 fixed the issue since there
> wasn't any cifs related change from 3.13.0-133 to 3.13.0-135. Also, on
> kernel bugzilla 197311 it's mentioned that this was introduced by
> 0603c96f upstream ("SMB: Validate negotiate (to protect against
> downgrade) even if signing off"), which was not backported for Trusty,
> but was for Xenial and Artful (which makes me also wonder if the other
> patch is really needed for Zesty).
>
>
> Kleber
I can confirm your analysis.  For now, I'm going to NAK my Trusty and
Zesty SRU requests and investigate further.  Xenial SRU is still valid,
and Artful fix is already in master-next, so I marked that series fix
committed.  I'll respond when I have more details.

>
>> This fix is required in all Ubuntu supported releases.  Commit 4587eee04e2a
>> landed in mainline as of 4.14-rc7.  It was also cc'd to upstream stable.  Upstream
>> 3.13 is EOL, which is the reason for this SRU request.
>>
>> == Fix ==
>> commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd
>> Author: Steve French <[hidden email]>
>> Date:   Wed Oct 25 15:58:31 2017 -0500
>>     SMB3: Validate negotiate request must always be signed
>>
>> == Regression Potential ==
>> This patch is to fix a regression.  It was also cc'd to upstream stable, so
>> it received additional review upstream.
>>
>> == Test Case ==
>> A test kernel was built with this patch and tested by the original bug reporter.
>> The bug reporter states the test kernel resolved the bug.
>>
>>
>> Steve French (1):
>>   SMB3: Validate negotiate request must always be signed
>>
>>  fs/cifs/smb2pdu.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>



NAK [SRU][Trusty][PATCH 0/1] SMB3: Validate negotiate request must always be signed

Joseph Salisbury-3
In reply to this post by Joseph Salisbury-3