Re: [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID

Re: [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID

[Stefan Metzmacher]

[-- Attachment #1.1: Type: text/plain, Size: 846 bytes --]

Hi Steve,

I just contacted dochelp for this and noticed (from reading the code)
that the kernel sends null-termination for the
SMB2_NETNAME_NEGOTIATE_CONTEXT_ID value.

I think you should fix that and backport it to stable releases,
it would be good if all clients would implement it like windows.

I implemented it for Samba here:
https://gitlab.com/samba-team/samba/merge_requests/666

metze

Am 26.07.19 um 10:22 schrieb Stefan Metzmacher via cifs-protocol:
> Hi DocHelp,
> 
> I just noticed a documentation bug in
> [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
> 
>    NetName (variable): A null-terminated Unicode string containing the
>    server name and specified by the client application.
> 
> Windows Server 1903 sends the name without null-termination, see the
> attached capture.
> 
> metze



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID

[Steve French]

[-- Attachment #1: Type: text/plain, Size: 1020 bytes --]

How about this fix?


On Fri, Jul 26, 2019 at 3:29 AM Stefan Metzmacher via samba-technical
<samba-technical@lists.samba.org> wrote:
>
> Hi Steve,
>
> I just contacted dochelp for this and noticed (from reading the code)
> that the kernel sends null-termination for the
> SMB2_NETNAME_NEGOTIATE_CONTEXT_ID value.
>
> I think you should fix that and backport it to stable releases,
> it would be good if all clients would implement it like windows.
>
> I implemented it for Samba here:
> https://gitlab.com/samba-team/samba/merge_requests/666
>
> metze
>
> Am 26.07.19 um 10:22 schrieb Stefan Metzmacher via cifs-protocol:
> > Hi DocHelp,
> >
> > I just noticed a documentation bug in
> > [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
> >
> >    NetName (variable): A null-terminated Unicode string containing the
> >    server name and specified by the client application.
> >
> > Windows Server 1903 sends the name without null-termination, see the
> > attached capture.
> >
> > metze
>
>


-- 
Thanks,

Steve

[-- Attachment #2: 0001-smb3-Incorrect-size-for-netname-negotiate-context.patch --]
[-- Type: text/x-patch, Size: 1307 bytes --]

From fd9725e18f8c436e2277822eef0025baa1fe9a2a Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Mon, 5 Aug 2019 17:07:26 -0500
Subject: [PATCH] smb3: Incorrect size for netname negotiate context

It is not null terminated (length was off by two).

Also see similar change to Samba:

https://gitlab.com/samba-team/samba/merge_requests/666

Reported-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/smb2pdu.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 31e4a1b0b170..5cc2ab2f2ac5 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -503,8 +503,7 @@ build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname)
 	pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID;
 
 	/* copy up to max of first 100 bytes of server name to NetName field */
-	pneg_ctxt->DataLength = cpu_to_le16(2 +
-		(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp)));
+	pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp));
 	/* context size is DataLength + minimal smb2_neg_context */
 	return DIV_ROUND_UP(le16_to_cpu(pneg_ctxt->DataLength) +
 			sizeof(struct smb2_neg_context), 8) * 8;
-- 
2.20.1

Re: [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID

[Stefan Metzmacher]

[-- Attachment #1.1: Type: text/plain, Size: 1162 bytes --]

Am 06.08.19 um 00:11 schrieb Steve French:
> How about this fix?

Looks good, if you have tested it :-)

metze

> On Fri, Jul 26, 2019 at 3:29 AM Stefan Metzmacher via samba-technical
> <samba-technical@lists.samba.org> wrote:
>>
>> Hi Steve,
>>
>> I just contacted dochelp for this and noticed (from reading the code)
>> that the kernel sends null-termination for the
>> SMB2_NETNAME_NEGOTIATE_CONTEXT_ID value.
>>
>> I think you should fix that and backport it to stable releases,
>> it would be good if all clients would implement it like windows.
>>
>> I implemented it for Samba here:
>> https://gitlab.com/samba-team/samba/merge_requests/666
>>
>> metze
>>
>> Am 26.07.19 um 10:22 schrieb Stefan Metzmacher via cifs-protocol:
>>> Hi DocHelp,
>>>
>>> I just noticed a documentation bug in
>>> [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
>>>
>>>    NetName (variable): A null-terminated Unicode string containing the
>>>    server name and specified by the client application.
>>>
>>> Windows Server 1903 sends the name without null-termination, see the
>>> attached capture.
>>>
>>> metze
>>
>>
> 
> 



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]