Tue, 8 Dec 2020 at 23:23, Steve French <smfrench@xxxxxxxxx>:
>
> Azure does not send an SPNEGO blob in the negotiate protocol response,
> so we shouldn't assume that it is there when validating the location
> of the first negotiate context. This avoids the potentially confusing
> mount warning:
>
> CIFS: Invalid negotiate context offset
>
> CC: Stable <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
> ---
> fs/cifs/smb2misc.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c
> index d88e2683626e..513507e4c4ad 100644
> --- a/fs/cifs/smb2misc.c
> +++ b/fs/cifs/smb2misc.c
> @@ -109,11 +109,14 @@ static __u32 get_neg_ctxt_len(struct
> smb2_sync_hdr *hdr, __u32 len,
>
> /* Make sure that negotiate contexts start after gss security blob */
> nc_offset = le32_to_cpu(pneg_rsp->NegotiateContextOffset);
> - if (nc_offset < non_ctxlen) {
> - pr_warn_once("Invalid negotiate context offset\n");
> + if (nc_offset + 1 < non_ctxlen) {
> + pr_warn_once("Invalid negotiate context offset %d\n", nc_offset);
> return 0;
> - }
> - size_of_pad_before_neg_ctxts = nc_offset - non_ctxlen;
> + } else if (nc_offset + 1 == non_ctxlen) {
> + cifs_dbg(FYI, "no SPNEGO security blob in negprot rsp\n");
> + size_of_pad_before_neg_ctxts = 0;
> + } else
> + size_of_pad_before_neg_ctxts = nc_offset - non_ctxlen;
>

This seems to be missing "+1" in the line above (non_ctxlen is 1 byte bigger than the fixed-size area of the packet):

size_of_pad_before_neg_ctxts = nc_offset + 1 - non_ctxlen;

--
Best regards,
Pavel Shilovsky
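Review bot: The final `else` branch of the hunk is inconsistent with the two comparisons that precede it: both tests are written against `nc_offset + 1` (treating `non_ctxlen` as one byte larger than the fixed-size area), but the padding is still computed as `nc_offset - non_ctxlen`, so for the "normal" case where an SPNEGO blob is present the padding comes out one byte too small; as Pavel points out, it should read `size_of_pad_before_neg_ctxts = nc_offset + 1 - non_ctxlen;` so that all three branches use the same offset convention. Two smaller points on the same hunk: `nc_offset` is the result of `le32_to_cpu()`, i.e. a 32-bit unsigned value, so the new `pr_warn_once()` should use `%u` rather than `%d` to avoid printing a large offset as a negative number; and since the `if` and `else if` branches carry braces, kernel coding style wants the trailing `else` braced as well.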