sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-19 18:50:24 +03:00
Code

CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Stefan Metzmacher 2015-09-30 21:23:25 +02:00 committed by Karolin Seeger
parent 1ba49b8f38
commit a819d2b440
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libcli/smb/smbXcli_base.c
View File

@ -5446,6 +5446,9 @@ uint8_t smb2cli_session_security_mode(struct smbXcli_session *session)
if (conn->mandatory_signing) {
security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
}
if (session->smb2->should_sign) {
security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
}
return security_mode;
}
@ -5877,6 +5880,14 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
{
if (!session->smb2->should_sign) {
/*
* We need required signing on the session
* in order to prevent man in the middle attacks.
*/
return NT_STATUS_INVALID_PARAMETER_MIX;
}
if (session->smb2->should_encrypt) {
return NT_STATUS_OK;
}