diff options
| author | Namjae Jeon <linkinjeon@kernel.org> | 2026-07-02 20:27:43 +0900 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2026-07-06 07:55:41 -0500 |
| commit | 1f12738b0ed7b89252271d71159c67e6349ef532 (patch) | |
| tree | 08d487b94e6bea273dfb576f5099f8497b3604b6 /rust/zerocopy/git@git.tavy.me:linux-stable.git | |
| parent | 1c5daa2ea924be89d78b5525510bcf3a3eb9735c (diff) | |
ksmbd: sign rejected SMB2.1 session binding responses
SMB2_SESSION_REQ_FLAG_BINDING is not supported before SMB 3.0. ksmbd maps
such a request to STATUS_REQUEST_NOT_ACCEPTED, but it rejects the request
without looking up the referenced session. The response is then sent
unsigned. A client requiring signing reports
STATUS_ACCESS_DENIED instead of the server status.
Look up the referenced session and verify the binding request with its
signing key. Keep the session reference only after successful verification
so the rejected response can be signed without providing a signing oracle.
A signed SESSION_SETUP without the binding flag can reference a session
that does not belong to the connection. Preserve SMB2_FLAGS_SIGNED on the
STATUS_USER_SESSION_DELETED response. Clients skip signature verification
for this status but still require the signed flag before propagating it.
Also restrict failed binding preauthentication cleanup to SMB 3.1.1, the
only dialect that initializes and uses that context.
This fixes smb2.session.bind_negative_smb210s.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'rust/zerocopy/git@git.tavy.me:linux-stable.git')
0 files changed, 0 insertions, 0 deletions
