Re: [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID

How about this fix?


On Fri, Jul 26, 2019 at 3:29 AM Stefan Metzmacher via samba-technical
<samba-technical@xxxxxxxxxxxxxxx> wrote:
>
> Hi Steve,
>
> I just contacted dochelp for this and noticed (from reading the code)
> that the kernel sends null-termination for the
> SMB2_NETNAME_NEGOTIATE_CONTEXT_ID value.
>
> I think you should fix that and backport it to stable releases,
> it would be good if all clients would implement it like windows.
>
> I implemented it for Samba here:
> https://gitlab.com/samba-team/samba/merge_requests/666
>
> metze
>
> Am 26.07.19 um 10:22 schrieb Stefan Metzmacher via cifs-protocol:
> > Hi DocHelp,
> >
> > I just noticed a documentation bug in
> > [MS-SMB2] 2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
> >
> >    NetName (variable): A null-terminated Unicode string containing the
> >    server name and specified by the client application.
> >
> > Windows Server 1903 sends the name without null-termination, see the
> > attached capture.
> >
> > metze
>
>


-- 
Thanks,

Steve
From fd9725e18f8c436e2277822eef0025baa1fe9a2a Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@xxxxxxxxxxxxx>
Date: Mon, 5 Aug 2019 17:07:26 -0500
Subject: [PATCH] smb3: Incorrect size for netname negotiate context

It is not null terminated (length was off by two).

Also see similar change to Samba:

https://gitlab.com/samba-team/samba/merge_requests/666

Reported-by: Stefan Metzmacher <metze@xxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
---
 fs/cifs/smb2pdu.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 31e4a1b0b170..5cc2ab2f2ac5 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -503,8 +503,7 @@ build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname)
 	pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID;
 
 	/* copy up to max of first 100 bytes of server name to NetName field */
-	pneg_ctxt->DataLength = cpu_to_le16(2 +
-		(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp)));
+	pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp));
 	/* context size is DataLength + minimal smb2_neg_context */
 	return DIV_ROUND_UP(le16_to_cpu(pneg_ctxt->DataLength) +
 			sizeof(struct smb2_neg_context), 8) * 8;
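
Review bot: the rewritten DataLength assignment now runs well past 80 columns; wrap it so checkpatch stays quiet, for example `pneg_ctxt->DataLength = cpu_to_le16(2 *` on one line and `cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp));` continued on the next. Dropping the `2 +` means DataLength no longer counts a terminating UTF-16 null, but the commit message ("length was off by two") does not say whether cifs_strtoUTF16 still writes that null into NetName; if it does, whatever sizes the NetName buffer must keep two bytes for it even though the context length computed here no longer includes them, and that deserves a sentence in the commit message or in the comment above the call.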
-- 
2.20.1
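
The following is an added example, not Linux CIFS or Samba code and not part of this thread: it builds an SMB2_NETNAME_NEGOTIATE_CONTEXT_ID context in the form the thread settles on (NetName as UTF-16LE with no terminating null, DataLength counting only the name bytes, the whole context padded to a multiple of 8), and parses one while tolerating a counted trailing null, which is what the pre-patch Linux client sent. The context id value 0x0005 and the 8-byte context header are taken from [MS-SMB2] 2.2.3.1; the 100-character cap mirrors the patch, the ASCII-only hostname assumption and the `netname_selfcheck` helper are assumptions of this example.

```c
/*
 * Added example (not Linux CIFS or Samba code): build and parse an
 * SMB2_NETNAME_NEGOTIATE_CONTEXT_ID negotiate context. NetName is UTF-16LE
 * without a terminating null, DataLength counts only the name bytes, and
 * the context is padded to a multiple of 8 bytes. The parser also accepts
 * a counted trailing null, as sent by the pre-patch Linux client.
 * Assumptions: ASCII-only hostnames (UTF-16 conversion is zero-extension)
 * and the 100-character cap taken from the patch.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID 0x0005 /* [MS-SMB2] 2.2.3.1 */
#define SMB2_NEG_CTX_HDR_LEN 8                   /* ContextType(2) DataLength(2) Reserved(4) */
#define NETNAME_MAX_CHARS 100                    /* assumption, mirrors the patch's 100 */

static void put_le16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static uint16_t get_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Writes the context into buf; returns the 8-byte padded size, or 0 if buf is too small. */
size_t build_netname_ctxt(uint8_t *buf, size_t buflen, const char *hostname)
{
	size_t n = strlen(hostname);
	if (n > NETNAME_MAX_CHARS)
		n = NETNAME_MAX_CHARS;               /* truncate, as the kernel's 100 does */
	uint16_t datalen = (uint16_t)(2 * n);        /* bytes of UTF-16, no terminator counted */
	size_t total = ((SMB2_NEG_CTX_HDR_LEN + datalen + 7) / 8) * 8;
	if (buflen < total)
		return 0;
	memset(buf, 0, total);                       /* Reserved and padding bytes are zero */
	put_le16(buf + 0, SMB2_NETNAME_NEGOTIATE_CONTEXT_ID);
	put_le16(buf + 2, datalen);
	for (size_t i = 0; i < n; i++)
		put_le16(buf + SMB2_NEG_CTX_HDR_LEN + 2 * i, (uint8_t)hostname[i]);
	return total;
}

/*
 * Parses a context from buf into out (ASCII). Returns the name length, or -1
 * on a malformed context. A DataLength pointing past buflen is rejected
 * before any NetName byte is read.
 */
int parse_netname_ctxt(const uint8_t *buf, size_t buflen, char *out, size_t outlen)
{
	if (buflen < SMB2_NEG_CTX_HDR_LEN || get_le16(buf) != SMB2_NETNAME_NEGOTIATE_CONTEXT_ID)
		return -1;
	uint16_t datalen = get_le16(buf + 2);
	if (datalen % 2 != 0 || datalen > buflen - SMB2_NEG_CTX_HDR_LEN)
		return -1;                               /* not UTF-16 sized, or overruns the buffer */
	const uint8_t *name = buf + SMB2_NEG_CTX_HDR_LEN;
	size_t nchars = datalen / 2;
	/* Older Linux clients counted a trailing UTF-16 null in DataLength: drop it. */
	if (nchars > 0 && get_le16(name + 2 * (nchars - 1)) == 0)
		nchars--;
	if (nchars >= outlen)
		return -1;
	for (size_t i = 0; i < nchars; i++) {
		uint16_t u = get_le16(name + 2 * i);
		if (u == 0 || u > 0x7f)
			return -1;                           /* embedded null or non-ASCII: out of scope here */
		out[i] = (char)u;
	}
	out[nchars] = '\0';
	return (int)nchars;
}

/* Self-check: Windows-style encoding, pre-patch Linux-style decoding, and bounds. */
int netname_selfcheck(void)
{
	uint8_t ctx[256];
	char name[128];
	size_t len = build_netname_ctxt(ctx, sizeof ctx, "server1");
	if (len != 24 || get_le16(ctx + 2) != 14)        /* 8 + 14 = 22 bytes, padded to 24 */
		return 0;
	if (parse_netname_ctxt(ctx, len, name, sizeof name) != 7 || strcmp(name, "server1") != 0)
		return 0;
	put_le16(ctx + 2, 16);                           /* pre-patch form: terminator counted */
	if (parse_netname_ctxt(ctx, len, name, sizeof name) != 7 || strcmp(name, "server1") != 0)
		return 0;
	put_le16(ctx + 2, 200);                          /* DataLength beyond the buffer */
	if (parse_netname_ctxt(ctx, len, name, sizeof name) != -1)
		return 0;
	return 1;
}

int main(void)
{
	uint8_t ctx[256];
	size_t len = build_netname_ctxt(ctx, sizeof ctx, "server1");
	for (size_t i = 0; i < len; i++)
		printf("%02x%s", ctx[i], (i % 8 == 7) ? "\n" : " ");
	return netname_selfcheck() ? 0 : 1;
}
```

Running it dumps the 24-byte context for "server1": the header 05 00 0e 00 00 00 00 00, the seven UTF-16LE characters, and two bytes of zero padding that are not part of DataLength. A parser on the server side that insisted on the documented null terminator would reject what Windows Server 1903 sends, while one that trusted DataLength without the bounds check would read past the end of a short request.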

