Thu, 10 Dec 2020 at 09:45, Pavel Shilovsky <piastryyy@xxxxxxxxx>: > > Tue, 8 Dec 2020 at 23:23, Steve French <smfrench@xxxxxxxxx>: > > > > Azure does not send an SPNEGO blob in the negotiate protocol response, > > so we shouldn't assume that it is there when validating the location > > of the first negotiate context. This avoids the potential confusing > > mount warning: > > > > CIFS: Invalid negotiate context offset > > > > CC: Stable <stable@xxxxxxxxxxxxxxx> > > Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx> > > --- > > fs/cifs/smb2misc.c | 11 +++++++---- > > 1 file changed, 7 insertions(+), 4 deletions(-) > > > > diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c > > index d88e2683626e..513507e4c4ad 100644 > > --- a/fs/cifs/smb2misc.c > > +++ b/fs/cifs/smb2misc.c 
> > @@ -109,11 +109,14 @@ static __u32 get_neg_ctxt_len(struct > > smb2_sync_hdr *hdr, __u32 len, > > > > /* Make sure that negotiate contexts start after gss security blob */ > > nc_offset = le32_to_cpu(pneg_rsp->NegotiateContextOffset); > > - if (nc_offset < non_ctxlen) { > > - pr_warn_once("Invalid negotiate context offset\n"); > > + if (nc_offset + 1 < non_ctxlen) { > > + pr_warn_once("Invalid negotiate context offset %d\n", nc_offset); > > return 0; > > - } > > - size_of_pad_before_neg_ctxts = nc_offset - non_ctxlen; > > + } else if (nc_offset + 1 == non_ctxlen) { > > + cifs_dbg(FYI, "no SPNEGO security blob in negprot rsp\n"); > > + size_of_pad_before_neg_ctxts = 0; > > + } else > > + size_of_pad_before_neg_ctxts = nc_offset - non_ctxlen; > > > > This seems missing "+1" in the line above (non_ctxlen is 1 byte bigger > than the fix-sized area of the packet): > size_of_pad_before_neg_ctxts = nc_offset + 1 - non_ctxlen; > It seems that +1 would be needed if there is no SPNEGO security blob but negotiate context offset is padded for other reasons. In this case non_ctxlen will account for 1 byte from the padding. The only way here would be to do something like: size_of_pad_before_neg_ctxts = nc_offset - non_ctxlen + (non_ctxlen == 65 ? 1 : 0); -- Best regards, Pavel Shilovsky
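Review bot: the final `else` branch of the hunk still computes `size_of_pad_before_neg_ctxts = nc_offset - non_ctxlen`, while the two comparisons above it are written against `nc_offset + 1`, so the three branches use two different ideas of where the fixed-size area ends; when no SPNEGO blob is present but the context offset is padded, the pad size comes out one byte short, which is the off-by-one raised in the reply. Rather than special-casing `nc_offset + 1 == non_ctxlen`, settle the boundary once (derive the end of the fixed-size area from a single expression and use it in both the check and the subtraction) so the no-blob and padded-no-blob cases fall out of the same arithmetic. Two smaller points in the same hunk: `nc_offset` comes from `le32_to_cpu()` and is unsigned, so the new `pr_warn_once("Invalid negotiate context offset %d\n", nc_offset)` should use `%u` (logging the server-supplied value is a good addition for diagnosing bad responses, it just needs the matching format); and the bare `} else` after a braced `else if` does not match kernel brace style, while the existing comment `/* Make sure that negotiate contexts start after gss security blob */` no longer describes the new path where the blob is absent and should be updated alongside the logic.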