1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00

CVE-2023-3347: smbd: fix "server signing = mandatory"

This was broken by commit 1f3f6e20dc086a36de52bffd0bc36e15fb19e1c6 because when
calling srv_init_signing() very early after accepting the connection in
smbd_add_connection(), conn->protocol is still PROTOCOL_NONE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397

Signed-off-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
Ralph Boehme 2023-06-20 15:33:02 +02:00 committed by Jule Anger
parent a22fcb6891
commit 6c1128b118
2 changed files with 8 additions and 12 deletions

View File

@ -1 +0,0 @@
^samba3.smb2.session-require-signing.bug15397

View File

@ -37,19 +37,16 @@ bool srv_init_signing(struct smbXsrv_connection *conn)
return false;
}
/*
* For SMB2 all we need to know is if signing is mandatory.
* It is always allowed and desired, whatever the smb.conf says.
*/
(void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory);
#if defined(WITH_SMB1SERVER)
if (conn->protocol >= PROTOCOL_SMB2_02) {
#endif
/*
* For SMB2 all we need to know is if signing is mandatory.
* It is always allowed and desired, whatever the smb.conf says.
*/
(void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory);
#if defined(WITH_SMB1SERVER)
} else {
ok = smb1_srv_init_signing(lp_ctx, conn);
}
ok = smb1_srv_init_signing(lp_ctx, conn);
#endif
talloc_unlink(conn, lp_ctx);
return ok;
}