[SRU][Xenial][Zesty][Artful][P
Locked
[SRU][Xenial][Zesty][Artful][P
 
|
[SRU][Xenial][Zesty][Artful][P
|
|
ACK/cmnt[X/Z]: [SRU][Xenial][Zesty][Artful][P
|
|
ACK: [SRU][Xenial][Zesty][Artful][P
|
|
In reply to this post by Joseph Salisbury-3
On 03.11.2017 17:44, Joseph Salisbury wrote:
> From: Steve French <[hidden email]> > > BugLink: http://bugs.launchpad.net/bugs/1729337 > > According to MS-SMB2 3.2.55 validate_negotiate request must > always be signed. Some Windows can fail the request if you send it unsigned > > See kernel bugzilla bug 197311 > > CC: Stable <[hidden email]> > Acked-by: Ronnie Sahlberg <lsahlber.redhat.com> > Signed-off-by: Steve French <[hidden email]> > (cherry picked from commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd) > Signed-off-by: Joseph Salisbury <[hidden email]> > --- > fs/cifs/smb2pdu.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c > index 7aa6720..58ce078 100644 > --- a/fs/cifs/smb2pdu.c > +++ b/fs/cifs/smb2pdu.c > @@ -1888,6 +1888,9 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, > } else > iov[0].iov_len = get_rfc1002_length(req) + 4; > > + /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */ > + if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) > + req->hdr.sync_hdr.Flags |= SMB2_FLAGS_SIGNED; > > rc = SendReceive2(xid, ses, iov, n_iov, &resp_buftype, flags, &rsp_iov); > cifs_small_buf_release(req); > -- kernel-team mailing list [hidden email] https://lists.ubuntu.com/mailman/listinfo/kernel-team |
signature.asc (836 bytes)
NAK [SRU][Zesty][PATCH 0/1] SMB3: Validate negotiate request must always be signed
|
|
APPLIED[Xenial]: [SRU][Xenial][Zesty][Artful][P
|
|
In reply to this post by Joseph Salisbury-3
On 03.11.2017 17:44, Joseph Salisbury wrote:
> BugLink: http://bugs.launchpad.net/bugs/1729337 > > == SRU Justification == > The bug reporter stated they have a cluster of servers that applied Xenial updates > and then were unable to mount CIFS shares after upgrading to 4.4.0-98. The > same machines on 4.4.0-97 do not hit the regression. It was found that the > regression is fixed by mainline commit: > 4587eee04e2a ("SMB3: Validate negotiate request must always be signed"). > > This fix is required in all Ubuntu supported releases. Commit 4587eee04e2a > landed in mailine as of 4.14-rc7. It was also cc'd to upstream stable, > but it has not landed in any stable releases yet, which is the reason for > this SRU. > > Commit 4587eee04e2a is also required in Trusty, but Trusty needs a minor backort, > so it's SRU will be sent seperate. > > > == Fix == > commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd > Author: Steve French <[hidden email]> > Date: Wed Oct 25 15:58:31 2017 -0500 > SMB3: Validate negotiate request must always be signed > > == Regression Potential == > This patch is to fix a regression. It was also cc'd to upstream stable, so > it received addition review upstream. > > == Test Case == > A test kernel was built with this patch and tested by the original bug reporter. > The bug reporter states the test kernel resolved the bug. > > Steve French (1): > SMB3: Validate negotiate request must always be signed > > fs/cifs/smb2pdu.c | 3 +++ > 1 file changed, 3 insertions(+) > applied)? -Stefan -- kernel-team mailing list [hidden email] https://lists.ubuntu.com/mailman/listinfo/kernel-team |
Re: APPLIED[Xenial]: [SRU][Xenial][Zesty][Artful][P
|
|
On 11/20/2017 06:09 AM, Stefan Bader wrote:
> On 03.11.2017 17:44, Joseph Salisbury wrote: >> BugLink: http://bugs.launchpad.net/bugs/1729337 >> >> == SRU Justification == >> The bug reporter stated they have a cluster of servers that applied Xenial updates >> and then were unable to mount CIFS shares after upgrading to 4.4.0-98. The >> same machines on 4.4.0-97 do not hit the regression. It was found that the >> regression is fixed by mainline commit: >> 4587eee04e2a ("SMB3: Validate negotiate request must always be signed"). >> >> This fix is required in all Ubuntu supported releases. Commit 4587eee04e2a >> landed in mailine as of 4.14-rc7. It was also cc'd to upstream stable, >> but it has not landed in any stable releases yet, which is the reason for >> this SRU. >> >> Commit 4587eee04e2a is also required in Trusty, but Trusty needs a minor backort, >> so it's SRU will be sent seperate. >> >> >> == Fix == >> commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd >> Author: Steve French <[hidden email]> >> Date: Wed Oct 25 15:58:31 2017 -0500 >> SMB3: Validate negotiate request must always be signed >> >> == Regression Potential == >> This patch is to fix a regression. It was also cc'd to upstream stable, so >> it received addition review upstream. >> >> == Test Case == >> A test kernel was built with this patch and tested by the original bug reporter. >> The bug reporter states the test kernel resolved the bug. >> >> Steve French (1): >> SMB3: Validate negotiate request must always be signed >> >> fs/cifs/smb2pdu.c | 3 +++ >> 1 file changed, 3 insertions(+) >> > Applied to Xenial master-next. Wondering about the NAK for Zesty: was that > intentional or should that have been Artful (where it is said to be already > applied)? > > -Stefan > > 0603c96f ("SMB: Validate negotiate (to protect against downgrade)downgrade) even if signing off"). This commit never made it to Zesty because upstream 4.10 is EOL. -- kernel-team mailing list [hidden email] https://lists.ubuntu.com/mailman/listinfo/kernel-team |
| Free forum by Nabble | Edit this page |