SMB311: Improve checking of negotiate security contexts

SMB3.11 crypto and hash contexts were not being checked strictly enough. Add parsing and validity checking for the security contexts in the SMB3.11 negotiate response. Signed-off-by: Steve French <smfrench@gmail.com> CC: Stable <stable@vger.kernel.org> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
author: Steve French <smfrench@gmail.com> 2018-04-09 10:47:14 -0500
committer: Steve French <smfrench@gmail.com> 2018-04-12 16:54:06 -0500
commit: 5100d8a3fe034845926266a4e7f5bdcbb859088b (patch)
tree: 350de14c3b16b0657664b18e4c045a96a4f574c6 /fs/cifs/smb2pdu.h
parent: 136ff1b4b65edf09b6b7173ba94ad53347d3aa83 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
index 0e0a0af89e4d..6093e5142b2b 100644
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -275,6 +275,7 @@ struct smb2_neg_context {
 #define SMB2_PREAUTH_INTEGRITY_SHA512	cpu_to_le16(0x0001)
 #define SMB2_PREAUTH_HASH_SIZE 64
 
+#define MIN_PREAUTH_CTXT_DATA_LEN	(SMB311_SALT_SIZE + 6)
 struct smb2_preauth_neg_context {
 	__le16	ContextType; /* 1 */
 	__le16	DataLength;
@@ -289,6 +290,8 @@ struct smb2_preauth_neg_context {
 #define SMB2_ENCRYPTION_AES128_CCM	cpu_to_le16(0x0001)
 #define SMB2_ENCRYPTION_AES128_GCM	cpu_to_le16(0x0002)
 
+/* Min encrypt context data is one cipher so 2 bytes + 2 byte count field */
+#define MIN_ENCRYPT_CTXT_DATA_LEN	4
 struct smb2_encryption_neg_context {
 	__le16	ContextType; /* 2 */
 	__le16	DataLength;
author	Steve French <smfrench@gmail.com>	2018-04-09 10:47:14 -0500
committer	Steve French <smfrench@gmail.com>	2018-04-12 16:54:06 -0500
commit	5100d8a3fe034845926266a4e7f5bdcbb859088b (patch)
tree	350de14c3b16b0657664b18e4c045a96a4f574c6 /fs/cifs/smb2pdu.h
parent	136ff1b4b65edf09b6b7173ba94ad53347d3aa83 (diff)