* Re: [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
From: Stefan Metzmacher @ 2019-07-26 8:27 UTC (permalink / raw)
To: Steve French; +Cc: linux-cifs, Samba Technical
Hi Steve,
I just contacted dochelp for this and noticed (from reading the code)
that the kernel sends null-termination for the
SMB2_NETNAME_NEGOTIATE_CONTEXT_ID value.
I think you should fix that and backport it to stable releases,
it would be good if all clients would implement it like Windows.
I implemented it for Samba here:
https://gitlab.com/samba-team/samba/merge_requests/666
metze
On 26.07.19 at 10:22, Stefan Metzmacher via cifs-protocol wrote:
> Hi DocHelp,
>
> I just noticed a documentation bug in
> [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
>
> NetName (variable): A null-terminated Unicode string containing the
> server name and specified by the client application.
>
> Windows Server 1903 sends the name without null-termination, see the
> attached capture.
>
> metze
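The two encodings discussed in this message, as an added example that is not part of the original mail or of the kernel or Samba code. The function names are hypothetical, the name is assumed to be ASCII, and the 8-byte context header (ContextType, DataLength, Reserved) and the ID value 0x0005 are taken from MS-SMB2. The parser accepts both the unterminated form and the older terminated form, and rejects a DataLength that does not fit the received bytes.

```c
#include <stdint.h>
#include <string.h>
#define NETNAME_CTX_ID 0x0005u /* SMB2_NETNAME_NEGOTIATE_CONTEXT_ID */
#define CTX_HDR_LEN    8u      /* ContextType(2) DataLength(2) Reserved(4) */

/* Encode an ASCII name; returns the 8-byte-padded size, 0 if it does not fit. */
static size_t netname_ctx_encode(uint8_t *buf, size_t cap, const char *host, int with_nul)
{
    size_t n = strlen(host), data = 2 * (n + (with_nul ? 1 : 0));
    size_t total = (CTX_HDR_LEN + data + 7) & ~(size_t)7;
    if (data > 0xFFFF || total > cap)
        return 0;
    memset(buf, 0, total);                 /* zero Reserved and padding */
    buf[0] = NETNAME_CTX_ID & 0xff; buf[1] = NETNAME_CTX_ID >> 8;
    buf[2] = data & 0xff;           buf[3] = (data >> 8) & 0xff;
    for (size_t i = 0; i < n; i++)
        buf[CTX_HDR_LEN + 2 * i] = (uint8_t)host[i]; /* UTF-16LE, ASCII only */
    return total;
}

/* Decode into out; returns the name length in characters, -1 if malformed. */
static int netname_ctx_parse(const uint8_t *buf, size_t len, char *out, size_t outcap)
{
    if (len < CTX_HDR_LEN || (buf[0] | buf[1] << 8) != NETNAME_CTX_ID)
        return -1;
    size_t data = buf[2] | (size_t)buf[3] << 8;
    if (data % 2 || data > len - CTX_HDR_LEN)  /* DataLength must fit the buffer */
        return -1;
    const uint8_t *p = buf + CTX_HDR_LEN;
    size_t units = data / 2;
    if (units && p[2 * units - 2] == 0 && p[2 * units - 1] == 0)
        units--;                               /* tolerate one trailing terminator */
    if (units + 1 > outcap)
        return -1;
    for (size_t i = 0; i < units; i++) {
        if (p[2 * i + 1] != 0 || p[2 * i] == 0 || p[2 * i] > 0x7f)
            return -1;                         /* embedded NUL or non-ASCII */
        out[i] = (char)p[2 * i];
    }
    out[units] = '\0';
    return (int)units;
}

int main(void)
{
    uint8_t b[64]; char name[32];
    size_t a = netname_ctx_encode(b, sizeof b, "srv1", 0);  /* constructed name */
    return netname_ctx_parse(b, a, name, sizeof name) == 4 ? 0 : 1;
}
```

For the constructed name "srv1" the unterminated context is 16 bytes with DataLength 8, while the terminated one is 24 bytes with DataLength 10; both decode to the same name.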
* Re: [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
From: Steve French @ 2019-08-05 22:11 UTC (permalink / raw)
To: Stefan Metzmacher; +Cc: Steve French, linux-cifs, Samba Technical
How about this fix?
On Fri, Jul 26, 2019 at 3:29 AM Stefan Metzmacher via samba-technical
<samba-technical@lists.samba.org> wrote:
>
> Hi Steve,
>
> I just contacted dochelp for this and noticed (from reading the code)
> that the kernel sends null-termination for the
> SMB2_NETNAME_NEGOTIATE_CONTEXT_ID value.
>
> I think you should fix that and backport it to stable releases,
> it would be good if all clients would implement it like Windows.
>
> I implemented it for Samba here:
> https://gitlab.com/samba-team/samba/merge_requests/666
>
> metze
>
> On 26.07.19 at 10:22, Stefan Metzmacher via cifs-protocol wrote:
> > Hi DocHelp,
> >
> > I just noticed a documentation bug in
> > [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
> >
> > NetName (variable): A null-terminated Unicode string containing the
> > server name and specified by the client application.
> >
> > Windows Server 1903 sends the name without null-termination, see the
> > attached capture.
> >
> > metze
>
>
--
Thanks,
Steve
[-- Attachment #2: 0001-smb3-Incorrect-size-for-netname-negotiate-context.patch --]
[-- Type: text/x-patch, Size: 1307 bytes --]
From fd9725e18f8c436e2277822eef0025baa1fe9a2a Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Mon, 5 Aug 2019 17:07:26 -0500
Subject: [PATCH] smb3: Incorrect size for netname negotiate context
It is not null terminated (length was off by two).
Also see similar change to Samba:
https://gitlab.com/samba-team/samba/merge_requests/666
Reported-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/cifs/smb2pdu.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 31e4a1b0b170..5cc2ab2f2ac5 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -503,8 +503,7 @@ build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname)
pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID;
/* copy up to max of first 100 bytes of server name to NetName field */
- pneg_ctxt->DataLength = cpu_to_le16(2 +
- (2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp)));
+ pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp));
/* context size is DataLength + minimal smb2_neg_context */
return DIV_ROUND_UP(le16_to_cpu(pneg_ctxt->DataLength) +
sizeof(struct smb2_neg_context), 8) * 8;
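Review bot: The comment above the `DataLength` assignment still only says that up to 100 bytes of the server name are copied; now that the `2 +` is gone it should also say that NetName is sent without null termination, so the length is not "corrected" back later. The added line is also much longer than the two-line form it replaces; breaking after `cpu_to_le16(2 *` would keep it within the usual line width. The report earlier in this thread asked for a backport to stable releases, and the commit message has no stable tag.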
--
2.20.1
* Re: [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
From: Stefan Metzmacher @ 2019-08-06 5:17 UTC (permalink / raw)
To: Steve French; +Cc: Steve French, linux-cifs, Samba Technical
On 06.08.19 at 00:11, Steve French wrote:
> How about this fix?
Looks good, if you have tested it :-)
metze
> On Fri, Jul 26, 2019 at 3:29 AM Stefan Metzmacher via samba-technical
> <samba-technical@lists.samba.org> wrote:
>>
>> Hi Steve,
>>
>> I just contacted dochelp for this and noticed (from reading the code)
>> that the kernel sends null-termination for the
>> SMB2_NETNAME_NEGOTIATE_CONTEXT_ID value.
>>
>> I think you should fix that and backport it to stable releases,
>> it would be good if all clients would implement it like Windows.
>>
>> I implemented it for Samba here:
>> https://gitlab.com/samba-team/samba/merge_requests/666
>>
>> metze
>>
>> On 26.07.19 at 10:22, Stefan Metzmacher via cifs-protocol wrote:
>>> Hi DocHelp,
>>>
>>> I just noticed a documentation bug in
>>> [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
>>>
>>> NetName (variable): A null-terminated Unicode string containing the
>>> server name and specified by the client application.
>>>
>>> Windows Server 1903 sends the name without null-termination, see the
>>> attached capture.
>>>
>>> metze
>>
>>
>
>