Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp1810633pxb; Fri, 1 Oct 2021 21:16:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxMQPtD/SgTOD8WSO6Y6vQV332Q3FxsS9nWRWYSiyyhO3AseE/doOY7mLj7jf473EUz7pAG X-Received: by 2002:a50:9d8e:: with SMTP id w14mr1750176ede.74.1633148205689; Fri, 01 Oct 2021 21:16:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633148205; cv=none; d=google.com; s=arc-20160816; b=Kk8hV7Jw0XiHK//jQ8YkNljKH3LC/nag1nvOqbjFMcTxCLpeUM2H8kUwXhgdjni+9t sDKZSOIre7UVWtUsg3G4YpckrF4ABujPcN1tN2bHvZ94/y3CqpP2+lEesXiiwQyvtQOB D4K9U/p03/ij28pWYDm4M5pm6ojtYTfRSHRk1RjDHKzwq+O85DgwN+/RJ9KCo5QkPCl7 JlLanOwWnZ/+AQP1Ok/YjsgjTImTjvXOeTkquhQkGvOzMBMbxm9ZKVqwTmaiLeKzEnyw OzqVUrND6gMNqOgGiv9u/f35tqhEoFOBwLRRfak75L5UUwxJasaGo8RHixs7qGELgvCE yDTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:mime-version :dkim-signature; bh=0WJaiEYp+rUFVijbsNLGZPoYyXIrZhECmke6cB+EHLE=; b=mP4cRxqSwejPQJy7N9SKk+TuCRsRmYe9qdqS8flKJVji5KXC2c6ylZUpmOFmgVn/pk kFz69bYf1SV3SGUWmySCWS1oyRwCDPyPNAqj4NzVhyGn5rKx18EgdOgtB1UrsqGGC6/S l+I3H8sJGlbw4UBXmqJCwDCI42o3dxNFm/bcqpjY5wvX70TmMjMpdn/J5qePv+pLNCIO YQUW00T76c0C4z2zFwyD6149cOyAsijc0rvQeMTgHhR54eKbe3lpnZrNR7ZoGl96OlY1 F7dmgwh/1m6VZW8vo1c8YCN1ax0l04yZH0iKhl0TVEevLeckJTZwbjYINbumoOvQhoE2 oOjQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=JLLgcOJq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l14si4487717eds.27.2021.10.01.21.16.20; Fri, 01 Oct 2021 21:16:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=JLLgcOJq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229725AbhJBEQm (ORCPT + 99 others); Sat, 2 Oct 2021 00:16:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43940 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229520AbhJBEQj (ORCPT ); Sat, 2 Oct 2021 00:16:39 -0400 Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 46DF3C061775; Fri, 1 Oct 2021 21:14:54 -0700 (PDT) Received: by mail-lf1-x12c.google.com with SMTP id y26so46574853lfa.11; Fri, 01 Oct 2021 21:14:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to:cc; bh=0WJaiEYp+rUFVijbsNLGZPoYyXIrZhECmke6cB+EHLE=; b=JLLgcOJql9BFUO11fNoaPnNwzIG5ERt684rmOcQcx2Yoc+k5umqIfUDcSKA4i7lON+ YpwcUhAwa+LJaRh//uGU0oXqqIN4Cx2c/XeSP1h3f+KpuQ36NSZ5szLcMyLfIdRfTNd1 tqFlg5oH+vvWjzdJxwFBsNBqr4gE82VQHTsKCx6LSCGNC+27h/Vq35dPfrf1lumvm4yt 5M2kSQ3zK4SWUfLkQDxjZYhCzl5tqsTegjUC7LzB09sam/JaL9epyfdNE59YP6SYwf76 FCNnb+nbol8jwoTyAj4UkrUuuM6RPWiayuPxohVo649vwGXoMuVXmQCWoo4+VViRX69s IR5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=0WJaiEYp+rUFVijbsNLGZPoYyXIrZhECmke6cB+EHLE=; b=leSpTiwHnFnOkvWN48o4pW5EW4aLZUFV4rUF6fq9H8+scZ8GuMmKo6FdVALMvQ8IGv DTzvXZEtE4AbWh43a1rJQ68YWZxyxo9g6MwwDhGz6f8Wl3JCN0scML+XLM4Z0RvT5apG fDO8v7PwvtbrCkLSPf/6bWLGm8SyyyyHhrbBf0dlRtupt6mOqEcx8u34D8unSO0E5E33 I3ysTb3pvOVh9VrKwQXJROB+Lw5Rb6Y9rS+9ivztOaYJBqXhDoLLgSP+MYPTvFOPI0my AufDPknEBs1JohxTLvNalY2J4AHabpld8IloNlRn/r5W+y9TRx7d6bE4r2cZPxClslml vGAA== X-Gm-Message-State: AOAM532MUBw1CoQ98bWpBD2GUDZ7o3uPO87J8E2eEwH2BF4PcjDGznZV VkvuUeyqu/6TJyL+xOMqxVQo1j+68lSlc9zRWcnr2yB0mA4= X-Received: by 2002:a05:6512:dd:: with SMTP id c29mr1799335lfp.601.1633148092435; Fri, 01 Oct 2021 21:14:52 -0700 (PDT) MIME-Version: 1.0 From: Steve French Date: Fri, 1 Oct 2021 23:14:41 -0500 Message-ID: Subject: [GIT PULL] ksmbd server security fixes To: Linus Torvalds Cc: LKML , CIFS Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Please pull the following changes since commit 5816b3e6577eaa676ceb00a848f0fd65fe2adc29: Linux 5.15-rc3 (2021-09-26 14:08:19 -0700) are available in the Git repository at: git://git.samba.org/ksmbd.git tags/5.15-rc3-ksmbd-fixes for you to fetch changes up to 87ffb310d5e8a441721a9d04dfa7c90cd9da3916: ksmbd: missing check for NULL in convert_to_nt_pathname() (2021-09-30 20:00:05 -0500) ---------------------------------------------------------------- Eleven fixes for the ksmbd kernel server, mostly security related: - an important fix for disabling weak NTLMv1 authentication - seven security (improved buffer overflow checks) fixes - fix for wrong infolevel struct used in some getattr/setattr paths - two small documentation fixes Regression test results from Linux client to current ksmbd: http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com/#/builders/8/builds/76 ---------------------------------------------------------------- Dan Carpenter (1): ksmbd: missing check for NULL in convert_to_nt_pathname() Enzo Matsumiya (1): ksmbd: fix documentation for 2 functions Hyunchul Lee (1): ksmbd: add buffer validation for SMB2_CREATE_CONTEXT Namjae Jeon (7): ksmbd: fix invalid request buffer access in compound MAINTAINERS: rename cifs_common to smbfs_common in cifs and ksmbd entry ksmbd: remove NTLMv1 authentication ksmbd: use correct basic info level in set_file_basic_info() ksmbd: add request buffer validation in smb2_set_info ksmbd: add validation in smb2 negotiate ksmbd: fix transform header validation Ronnie Sahlberg (1): ksmbd: remove RFC1002 check in smb2 request MAINTAINERS | 4 +- fs/ksmbd/auth.c | 205 ------------------------------------- fs/ksmbd/crypto_ctx.c | 16 --- fs/ksmbd/crypto_ctx.h | 8 -- fs/ksmbd/misc.c | 17 ++-- fs/ksmbd/oplock.c | 41 ++++++-- fs/ksmbd/smb2pdu.c | 256 ++++++++++++++++++++++++++++++++++++----------- fs/ksmbd/smb2pdu.h | 9 ++ fs/ksmbd/smb_common.c | 47 +++++---- fs/ksmbd/smb_common.h | 8 -- fs/ksmbd/smbacl.c | 21 +++- fs/ksmbd/transport_tcp.c | 4 +- 12 files changed, 294 insertions(+), 342 deletions(-) -- Thanks, Steve