mirror of
https://github.com/samba-team/samba.git
synced 2025-01-25 06:04:04 +03:00
CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
Note real anonymous sessions (with "" as username) don't hit this as we don't even call smb2cli_session_set_session_key() in that case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860 Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
ef1a66dcdf
commit
d81bffa0fb
@ -5312,6 +5312,10 @@ bool smbXcli_session_is_guest(struct smbXcli_session *session)
|
||||
return false;
|
||||
}
|
||||
|
||||
if (session->conn->mandatory_signing) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (session->conn->protocol >= PROTOCOL_SMB2_02) {
|
||||
if (session->smb2->session_flags & SMB2_SESSION_FLAG_IS_GUEST) {
|
||||
return true;
|
||||
@ -5571,7 +5575,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
|
||||
const struct iovec *recv_iov)
|
||||
{
|
||||
struct smbXcli_conn *conn = session->conn;
|
||||
uint16_t no_sign_flags;
|
||||
uint16_t no_sign_flags = 0;
|
||||
uint8_t session_key[16];
|
||||
bool check_signature = true;
|
||||
uint32_t hdr_flags;
|
||||
@ -5596,7 +5600,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
|
||||
return NT_STATUS_INVALID_PARAMETER_MIX;
|
||||
}
|
||||
|
||||
no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
|
||||
if (!conn->mandatory_signing) {
|
||||
/*
|
||||
* only allow guest sessions without
|
||||
* mandatory signing.
|
||||
*
|
||||
* If we try an authentication with username != ""
|
||||
* and the server let us in without verifying the
|
||||
* password we don't have a negotiated session key
|
||||
* for signing.
|
||||
*/
|
||||
no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST;
|
||||
}
|
||||
|
||||
if (session->smb2->session_flags & no_sign_flags) {
|
||||
session->smb2->should_sign = false;
|
||||
|
Loading…
x
Reference in New Issue
Block a user