From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Shyam Prasad N, Pavel Shilovsky, Steve French
Subject: [PATCH 5.10 625/717] SMB3.1.1: do not log warning message if server doesnt populate salt
Date: Mon, 28 Dec 2020 13:50:23 +0100
Message-Id: <20201228125050.864074925@linuxfoundation.org>
In-Reply-To: <20201228125020.963311703@linuxfoundation.org>
References: <20201228125020.963311703@linuxfoundation.org>

From: Steve French

commit 7955f105afb6034af344038d663bc98809483cdd upstream.

In the negotiate protocol preauth context, the server is not required
to populate the salt (although it is done by most servers) so do
not warn on mount.

We retain the checks (warn) that the preauth context is the minimum
size and that the salt does not exceed DataLength of the SMB response.
Although we use the defaults in the case that the preauth context
response is invalid, these checks may be useful in the future
as servers add support for additional mechanisms.

CC: Stable
Reviewed-by: Shyam Prasad N
Reviewed-by: Pavel Shilovsky
Signed-off-by: Steve French
Signed-off-by: Greg Kroah-Hartman
---
 fs/cifs/smb2pdu.c |  7 +++++--
 fs/cifs/smb2pdu.h | 14 +++++++++++---
 2 files changed, 16 insertions(+), 5 deletions(-)

--- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c
@@ -427,8 +427,8 @@ build_preauth_ctxt(struct smb2_preauth_n pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES; pneg_ctxt->DataLength = cpu_to_le16(38); pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1); - pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE); - get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE); + pneg_ctxt->SaltLength = cpu_to_le16(SMB311_LINUX_CLIENT_SALT_SIZE); + get_random_bytes(pneg_ctxt->Salt, SMB311_LINUX_CLIENT_SALT_SIZE); pneg_ctxt->HashAlgorithms = SMB2_PREAUTH_INTEGRITY_SHA512; } @@ -566,6 +566,9 @@ static void decode_preauth_context(struc if (len < MIN_PREAUTH_CTXT_DATA_LEN) { pr_warn_once("server sent bad preauth context\n"); return; + } else if (len < MIN_PREAUTH_CTXT_DATA_LEN + le16_to_cpu(ctxt->SaltLength)) { + pr_warn_once("server sent invalid SaltLength\n"); + return; } if (le16_to_cpu(ctxt->HashAlgorithmCount) != 1) pr_warn_once("Invalid SMB3 hash algorithm count\n"); --- a/fs/cifs/smb2pdu.h +++ b/fs/cifs/smb2pdu.h @@ -333,12 +333,20 @@ struct smb2_neg_context { /* Followed by array of data */ } __packed; -#define SMB311_SALT_SIZE 32 +#define SMB311_LINUX_CLIENT_SALT_SIZE 32 /* Hash Algorithm Types */ #define SMB2_PREAUTH_INTEGRITY_SHA512 cpu_to_le16(0x0001) #define SMB2_PREAUTH_HASH_SIZE 64 -#define MIN_PREAUTH_CTXT_DATA_LEN (SMB311_SALT_SIZE + 6) +/* + * SaltLength that the server send can be zero, so the only three required + * fields (all __le16) end up six bytes total, so the minimum context data len + * in the response is six bytes which accounts for + * + * HashAlgorithmCount, SaltLength, and 1 HashAlgorithm. + */ +#define MIN_PREAUTH_CTXT_DATA_LEN 6 + struct smb2_preauth_neg_context { __le16 ContextType; /* 1 */ __le16 DataLength; 
@@ -346,7 +354,7 @@ struct smb2_preauth_neg_context { __le16 HashAlgorithmCount; /* 1 */ __le16 SaltLength; __le16 HashAlgorithms; /* HashAlgorithms[0] since only one defined */ - __u8 Salt[SMB311_SALT_SIZE]; + __u8 Salt[SMB311_LINUX_CLIENT_SALT_SIZE]; } __packed; /* Encryption Algorithms Ciphers */
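
Review bot: In the build_preauth_ctxt() hunk of fs/cifs/smb2pdu.c, the unchanged context line `pneg_ctxt->DataLength = cpu_to_le16(38);` keeps a magic number that silently depends on the constants this patch touches: 38 is the six bytes of fixed fields plus the 32-byte salt. Now that MIN_PREAUTH_CTXT_DATA_LEN is a plain 6, DataLength could be written as MIN_PREAUTH_CTXT_DATA_LEN + SMB311_LINUX_CLIENT_SALT_SIZE so that the advertised length and the salt actually written by get_random_bytes() cannot drift apart if the client salt size is ever changed.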
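
Review bot: In the decode_preauth_context() hunk, the new bound `len < MIN_PREAUTH_CTXT_DATA_LEN + le16_to_cpu(ctxt->SaltLength)` is only correct when the response carries exactly one hash algorithm, yet HashAlgorithmCount is checked after it, not before. MIN_PREAUTH_CTXT_DATA_LEN bakes in a single two-byte HashAlgorithm entry, so a response with a larger count and a salt that does not fit would pass the length test. Consider validating HashAlgorithmCount first, or computing the required length from both fields (four bytes of counts, two bytes per algorithm, plus SaltLength). Two smaller points on the same lines: the `else if` follows a branch that already returns, so a plain `if` reads more clearly, and the "server sent invalid SaltLength" message would be more useful for triage if it printed SaltLength and len.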
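
Review bot: In the first fs/cifs/smb2pdu.h hunk, the new comment above MIN_PREAUTH_CTXT_DATA_LEN is hard to parse: "that the server send" should be "sends", and the sentence chains two "so" clauses before trailing off into "which accounts for". A shorter form would say that the server may send SaltLength of zero, so the minimum context data is the three required __le16 fields (HashAlgorithmCount, SaltLength and one HashAlgorithm), six bytes in total. It would also help to say that the constant applies to the response being decoded, since the request built by this client is always longer.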
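
Review bot: In the struct smb2_preauth_neg_context hunk, the Salt member is now sized by SMB311_LINUX_CLIENT_SALT_SIZE but nothing in the struct says the layout describes only what this client sends. decode_preauth_context() reads SaltLength and HashAlgorithmCount through a `ctxt` pointer, and the comment added above allows a server SaltLength of zero, so a short comment on Salt[] noting that a received context may carry a different salt length (and that sizeof the struct must not be used to bound a response) would prevent future misuse.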