1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing

Note real anonymous sessions (with "" as username) don't hit this
as we don't even call smb2cli_session_set_session_key() in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860

Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Stefan Metzmacher 2016-04-20 11:26:57 +02:00 committed by Karolin Seeger
parent ef1a66dcdf
commit d81bffa0fb

View File

@ -5312,6 +5312,10 @@ bool smbXcli_session_is_guest(struct smbXcli_session *session)
return false;
}
if (session->conn->mandatory_signing) {
return false;
}
if (session->conn->protocol >= PROTOCOL_SMB2_02) {
if (session->smb2->session_flags & SMB2_SESSION_FLAG_IS_GUEST) {
return true;
@ -5571,7 +5575,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
const struct iovec *recv_iov)
{
struct smbXcli_conn *conn = session->conn;
uint16_t no_sign_flags;
uint16_t no_sign_flags = 0;
uint8_t session_key[16];
bool check_signature = true;
uint32_t hdr_flags;
@ -5596,7 +5600,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
return NT_STATUS_INVALID_PARAMETER_MIX;
}
no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
if (!conn->mandatory_signing) {
/*
* only allow guest sessions without
* mandatory signing.
*
* If we try an authentication with username != ""
* and the server let us in without verifying the
* password we don't have a negotiated session key
* for signing.
*/
no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST;
}
if (session->smb2->session_flags & no_sign_flags) {
session->smb2->should_sign = false;