Linux-CIFS Archive on lore.kernel.org
* Re: [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
       [not found] <e51f32ff-ce54-d015-4ba0-572ec35f3e45@samba.org>
@ 2019-07-26  8:27 ` Stefan Metzmacher
  2019-08-05 22:11   ` Steve French
  0 siblings, 1 reply; 3+ messages in thread
From: Stefan Metzmacher @ 2019-07-26  8:27 UTC
  To: Steve French; +Cc: linux-cifs, Samba Technical


Hi Steve,

I just contacted dochelp for this and noticed (from reading the code)
that the kernel sends null-termination for the
SMB2_NETNAME_NEGOTIATE_CONTEXT_ID value.

I think you should fix that and backport it to stable releases,
it would be good if all clients would implement it like Windows.

I implemented it for Samba here:
https://gitlab.com/samba-team/samba/merge_requests/666

metze

On 26.07.19 at 10:22, Stefan Metzmacher via cifs-protocol wrote:
> Hi DocHelp,
> 
> I just noticed a documentation bug in
> [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
> 
>    NetName (variable): A null-terminated Unicode string containing the
>    server name and specified by the client application.
> 
> Windows Server 1903 sends the name without null-termination, see the
> attached capture.
> 
> metze




* Re: [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
  2019-07-26  8:27 ` [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID Stefan Metzmacher
@ 2019-08-05 22:11   ` Steve French
  2019-08-06  5:17     ` Stefan Metzmacher
  0 siblings, 1 reply; 3+ messages in thread
From: Steve French @ 2019-08-05 22:11 UTC
  To: Stefan Metzmacher; +Cc: Steve French, linux-cifs, Samba Technical


How about this fix?


On Fri, Jul 26, 2019 at 3:29 AM Stefan Metzmacher via samba-technical
<samba-technical@lists.samba.org> wrote:
>
> Hi Steve,
>
> I just contacted dochelp for this and noticed (from reading the code)
> that the kernel sends null-termination for the
> SMB2_NETNAME_NEGOTIATE_CONTEXT_ID value.
>
> I think you should fix that and backport it to stable releases,
> it would be good if all clients would implement it like Windows.
>
> I implemented it for Samba here:
> https://gitlab.com/samba-team/samba/merge_requests/666
>
> metze
>
> On 26.07.19 at 10:22, Stefan Metzmacher via cifs-protocol wrote:
> > Hi DocHelp,
> >
> > I just noticed a documentation bug in
> > [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
> >
> >    NetName (variable): A null-terminated Unicode string containing the
> >    server name and specified by the client application.
> >
> > Windows Server 1903 sends the name without null-termination, see the
> > attached capture.
> >
> > metze
>
>


-- 
Thanks,

Steve

[-- Attachment #2: 0001-smb3-Incorrect-size-for-netname-negotiate-context.patch --]
[-- Type: text/x-patch, Size: 1307 bytes --]

From fd9725e18f8c436e2277822eef0025baa1fe9a2a Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Mon, 5 Aug 2019 17:07:26 -0500
Subject: [PATCH] smb3: Incorrect size for netname negotiate context

It is not null terminated (length was off by two).

Also see similar change to Samba:

https://gitlab.com/samba-team/samba/merge_requests/666

Reported-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/smb2pdu.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 31e4a1b0b170..5cc2ab2f2ac5 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -503,8 +503,7 @@ build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname)
 	pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID;
 
 	/* copy up to max of first 100 bytes of server name to NetName field */
-	pneg_ctxt->DataLength = cpu_to_le16(2 +
-		(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp)));
+	pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp));
 	/* context size is DataLength + minimal smb2_neg_context */
 	return DIV_ROUND_UP(le16_to_cpu(pneg_ctxt->DataLength) +
 			sizeof(struct smb2_neg_context), 8) * 8;
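
Review bot: The added DataLength line runs well past 80 columns, and the comment kept just above it still says "first 100 bytes" although the value returned by cifs_strtoUTF16() is doubled to get bytes, so the 100 reads as a count of UTF-16 units rather than bytes. Suggest wrapping the expression after "cpu_to_le16(" and rewording the comment to say that NetName is sent without a terminator and that DataLength covers only the converted characters. The reporter asked for a backport to stable releases, but the commit message carries no stable tag; it would also help to state there that Windows sends the name without null-termination, since "length was off by two" alone does not say why.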
-- 
2.20.1
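
Added example, not part of this thread and not kernel or Samba code: how the two extra bytes change DataLength and the 8-byte-padded context size, and a receiver-side check that accepts both encodings. build_netname() and parse_netname() are hypothetical helpers that handle ASCII names only, "srv1" is a constructed name, and the 8-byte context header and the context ID 0x0005 are taken from MS-SMB2.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NETNAME_CTX_ID 0x0005 /* SMB2_NETNAME_NEGOTIATE_CONTEXT_ID */
#define CTX_HDR_LEN    8      /* ContextType(2) + DataLength(2) + Reserved(4) */

/* Hypothetical builder: ASCII host -> UTF-16LE NetName; buf must be large enough. */
static size_t build_netname(uint8_t *buf, const char *host, int null_term)
{
    size_t n = strlen(host), data_len = 2 * (n + (null_term ? 1 : 0));
    size_t total = (CTX_HDR_LEN + data_len + 7) / 8 * 8; /* pad to 8 bytes */
    memset(buf, 0, total);
    buf[0] = NETNAME_CTX_ID & 0xff;
    buf[2] = data_len & 0xff;
    buf[3] = (data_len >> 8) & 0xff;
    for (size_t i = 0; i < n; i++)
        buf[CTX_HDR_LEN + 2 * i] = (uint8_t)host[i];
    return total;
}

/* Hypothetical receiver check: name length in characters, or -1 if malformed. */
static int parse_netname(const uint8_t *ctx, size_t avail, char *out, size_t outsz)
{
    if (avail < CTX_HDR_LEN || (ctx[0] | ctx[1] << 8) != NETNAME_CTX_ID)
        return -1;
    size_t n = (ctx[2] | (size_t)ctx[3] << 8) / 2;
    const uint8_t *p = ctx + CTX_HDR_LEN;
    if ((ctx[2] & 1) || 2 * n > avail - CTX_HDR_LEN)
        return -1;              /* odd or out-of-bounds DataLength */
    if (n && p[2 * n - 2] == 0 && p[2 * n - 1] == 0)
        n--;                    /* tolerate one trailing UTF-16 NUL */
    if (n + 1 > outsz)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (p[2 * i + 1] || !p[2 * i] || p[2 * i] > 0x7f)
            return -1;          /* ASCII-only sketch, no embedded NUL */
        out[i] = (char)p[2 * i];
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    uint8_t buf[64]; char name[32];
    size_t sz = build_netname(buf, "srv1", 0); /* constructed sample name */
    printf("%zu %d\n", sz, parse_netname(buf, sz, name, sizeof name));
    return 0;
}
```

For this name the terminated form needs DataLength 10 and a 24-byte context, against DataLength 8 and 16 bytes without the terminator.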



* Re: [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
  2019-08-05 22:11   ` Steve French
@ 2019-08-06  5:17     ` Stefan Metzmacher
  0 siblings, 0 replies; 3+ messages in thread
From: Stefan Metzmacher @ 2019-08-06  5:17 UTC
  To: Steve French; +Cc: Steve French, linux-cifs, Samba Technical


On 06.08.19 at 00:11, Steve French wrote:
> How about this fix?

Looks good, if you have tested it :-)

metze

> On Fri, Jul 26, 2019 at 3:29 AM Stefan Metzmacher via samba-technical
> <samba-technical@lists.samba.org> wrote:
>>
>> Hi Steve,
>>
>> I just contacted dochelp for this and noticed (from reading the code)
>> that the kernel sends null-termination for the
>> SMB2_NETNAME_NEGOTIATE_CONTEXT_ID value.
>>
>> I think you should fix that and backport it to stable releases,
>> it would be good if all clients would implement it like Windows.
>>
>> I implemented it for Samba here:
>> https://gitlab.com/samba-team/samba/merge_requests/666
>>
>> metze
>>
>> On 26.07.19 at 10:22, Stefan Metzmacher via cifs-protocol wrote:
>>> Hi DocHelp,
>>>
>>> I just noticed a documentation bug in
>>> [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
>>>
>>>    NetName (variable): A null-terminated Unicode string containing the
>>>    server name and specified by the client application.
>>>
>>> Windows Server 1903 sends the name without null-termination, see the
>>> attached capture.
>>>
>>> metze
>>
>>
> 
> 


