sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-03 13:47:25 +03:00
Code

s3: smb2 - Negprot should return INVALID_PARAMETER if flags2 signed bit is set.

Browse Source 
MS-SMB2: 3.3.5.2.4 Verifying the Signature.
If the SMB2 header of the SMB2 NEGOTIATE
request has the SMB2_FLAGS_SIGNED bit set in the
Flags field, the server MUST fail the request
with STATUS_INVALID_PARAMETER.

Found and fix confirmed by Microsoft test tool.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
This commit is contained in:
Jeremy Allison 2014-06-16 14:05:18 -07:00
parent e907f84156
commit 37b4c9e08f
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
source3/smbd/smb2_server.c
View File

@ -2034,8 +2034,23 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
DATA_BLOB signing_key;
if (x == NULL) {
return smbd_smb2_request_error(
req, NT_STATUS_USER_SESSION_DELETED);
/*
* MS-SMB2: 3.3.5.2.4 Verifying the Signature.
* If the SMB2 header of the SMB2 NEGOTIATE
* request has the SMB2_FLAGS_SIGNED bit set in the
* Flags field, the server MUST fail the request
* with STATUS_INVALID_PARAMETER.
*
* Microsoft test tool checks this.
*/
if ((opcode == SMB2_OP_NEGPROT) &&
(flags & SMB2_HDR_FLAG_SIGNED)) {
status = NT_STATUS_INVALID_PARAMETER;
} else {
status = NT_STATUS_USER_SESSION_DELETED;
}
return smbd_smb2_request_error(req, status);
}
signing_key = x->global->channels[0].signing_key;