SMB3: Fix length checking of SMB3.11 negotiate request The length checking for SMB3.11 negotiate request includes "negotiate contexts" which caused a buffer validation problem and a confusing warning message on SMB3.11 mount e.g.: SMB2 server sent bad RFC1001 len 236 not 170 Fix the length checking for SMB3.11 negotiate to account for the new negotiate context so that we don't log a warning on SMB3.11 mount by default but do log warnings if lengths returned by the server are incorrect. CC: Stable <stable@vger.kernel.org> Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Aurelien Aptel <aaptel@suse.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>

commit: 136ff1b4b65edf09b6b7173ba94ad53347d3aa83 [log] [tgz]
author: Steve French <smfrench@gmail.com> Sun Apr 08 16:14:31 2018 -0500
committer: Steve French <smfrench@gmail.com> Thu Apr 12 16:52:38 2018 -0500
tree: a3637b5dc7de1c91869b111f10eed9736f8a7d96
parent: f2f176b418da96ae030c2f312c0ddb0e7b6ead21 [diff] [blame]
diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
index 253e2c7..0e0a0af 100644
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h

@@ -263,6 +263,13 @@ struct smb2_negotiate_req {
 #define SMB2_NT_FIND			0x00100000
 #define SMB2_LARGE_FILES		0x00200000
 
+struct smb2_neg_context {
+	__le16	ContextType;
+	__le16	DataLength;
+	__le32	Reserved;
+	/* Followed by array of data */
+} __packed;
+
 #define SMB311_SALT_SIZE			32
 /* Hash Algorithm Types */
 #define SMB2_PREAUTH_INTEGRITY_SHA512	cpu_to_le16(0x0001)
commit	136ff1b4b65edf09b6b7173ba94ad53347d3aa83	[log] [tgz]
author	Steve French <smfrench@gmail.com>	Sun Apr 08 16:14:31 2018 -0500
committer	Steve French <smfrench@gmail.com>	Thu Apr 12 16:52:38 2018 -0500
tree	a3637b5dc7de1c91869b111f10eed9736f8a7d96
parent	f2f176b418da96ae030c2f312c0ddb0e7b6ead21 [diff] [blame]