Patch "ksmbd: fix wrong signingkey creation when encryption is AES256" has been added to the 5.15-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    ksmbd: fix wrong signingkey creation when encryption is AES256

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ksmbd-fix-wrong-signingkey-creation-when-encryption-is-aes256.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From linkinjeon@xxxxxxxxx Mon Dec 18 16:39:33 2023
From: Namjae Jeon <linkinjeon@xxxxxxxxxx>
Date: Tue, 19 Dec 2023 00:33:38 +0900
Subject: ksmbd: fix wrong signingkey creation when encryption is AES256
To: gregkh@xxxxxxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx
Cc: smfrench@xxxxxxxxx, Namjae Jeon <linkinjeon@xxxxxxxxxx>, Miao Lihua <441884205@xxxxxx>, Steve French <stfrench@xxxxxxxxxxxxx>
Message-ID: <20231218153454.8090-79-linkinjeon@xxxxxxxxxx>

From: Namjae Jeon <linkinjeon@xxxxxxxxxx>

[ Upstream commit 7a891d4b62d62566323676cb0e922ded4f37afe1 ]

MacOS and Win11 support AES256 encrytion and it is included in the cipher
array of encryption context. Especially on macOS, The most preferred
cipher is AES256. Connecting to ksmbd fails on newer MacOS clients that
support AES256 encryption. MacOS send disconnect request after receiving
final session setup response from ksmbd. Because final session setup is
signed with signing key was generated incorrectly.
For signging key, 'L' value should be initialized to 128 if key size is
16bytes.

Cc: stable@xxxxxxxxxxxxxxx
Reported-by: Miao Lihua <441884205@xxxxxx>
Tested-by: Miao Lihua <441884205@xxxxxx>
Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/ksmbd/auth.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/fs/ksmbd/auth.c
+++ b/fs/ksmbd/auth.c
@@ -730,8 +730,9 @@ static int generate_key(struct ksmbd_con
 		goto smb3signkey_ret;
 	}
 
-	if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
-	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)
+	if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
+	    (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
+	     conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
 		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);
 	else
 		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);


Patches currently in stable-queue which might be from linkinjeon@xxxxxxxxx are

queue-5.15/ksmbd-fix-uaf-issue-from-opinfo-conn.patch
queue-5.15/ksmbd-fix-race-condition-from-parallel-smb2-lock-requests.patch
queue-5.15/ksmbd-validate-session-id-and-tree-id-in-compound-request.patch
queue-5.15/ksmbd-reorganize-ksmbd_iov_pin_rsp.patch
queue-5.15/ksmbd-convert-to-use-sysfs_emit-sysfs_emit_at-apis.patch
queue-5.15/ksmbd-validate-length-in-smb2_write.patch
queue-5.15/ksmbd-add-support-for-key-exchange.patch
queue-5.15/ksmbd-request-update-to-stale-share-config.patch
queue-5.15/ksmbd-remove-generic_fillattr-use-in-smb2_open.patch
queue-5.15/ksmbd-fix-uninitialized-pointer-read-in-smb2_create_link.patch
queue-5.15/ksmbd-set-smb2_session_flag_encrypt_data-when-enforcing-data-encryption-for-this-share.patch
queue-5.15/ksmbd-constify-struct-path.patch
queue-5.15/ksmbd-casefold-utf-8-share-names-and-fix-ascii-lowercase-conversion.patch
queue-5.15/ksmbd-validate-smb-request-protocol-id.patch
queue-5.15/ksmbd-avoid-out-of-bounds-access-in-decode_preauth_ctxt.patch
queue-5.15/ksmbd-release-interim-response-after-sending-status-pending-response.patch
queue-5.15/ksmbd-fix-racy-issue-under-cocurrent-smb2-tree-disconnect.patch
queue-5.15/ksmbd-fix-out-of-bounds-read-in-smb2_sess_setup.patch
queue-5.15/ksmbd-decrease-the-number-of-smb3-smbdirect-server-sges.patch
queue-5.15/ksmbd-make-utf-8-file-name-comparison-work-in-__caseless_lookup.patch
queue-5.15/ksmbd-use-f_setlk-when-unlocking-a-file.patch
queue-5.15/fs-introduce-lock_rename_child-helper.patch
queue-5.15/ksmbd-use-kzalloc-instead-of-__gfp_zero.patch
queue-5.15/ksmbd-set-ntlmssp_negotiate_seal-flag-to-challenge-blob.patch
queue-5.15/ksmbd-call-ib_drain_qp-when-disconnected.patch
queue-5.15/ksmbd-fix-posix_acls-and-acls-dereferencing-possible-err_ptr.patch
queue-5.15/ksmbd-destroy-expired-sessions.patch
queue-5.15/ksmbd-fix-resource-leak-in-smb2_lock.patch
queue-5.15/ksmbd-check-iov-vector-index-in-ksmbd_conn_write.patch
queue-5.15/ksmbd-hide-socket-error-message-when-ipv6-config-is-disable.patch
queue-5.15/ksmbd-use-netif_is_bridge_port.patch
queue-5.15/ksmbd-smbd-simplify-tracking-pending-packets.patch
queue-5.15/ksmbd-implements-sess-rpc_handle_list-as-xarray.patch
queue-5.15/ksmbd-remove-duplicate-flag-set-in-smb2_write.patch
queue-5.15/ksmbd-separately-allocate-ci-per-dentry.patch
queue-5.15/ksmbd-fix-racy-issue-from-session-setup-and-logoff.patch
queue-5.15/ksmbd-fix-race-condition-between-session-lookup-and-expire.patch
queue-5.15/ksmbd-fix-wrong-smbd-max-read-write-size-check.patch
queue-5.15/ksmbd-replace-usage-of-found-with-dedicated-list-iterator-variable.patch
queue-5.15/ksmbd-add-support-for-surrogate-pair-conversion.patch
queue-5.15/ksmbd-reduce-server-smbdirect-max-send-receive-segment-sizes.patch
queue-5.15/ksmbd-fix-force-create-mode-and-force-directory-mode.patch
queue-5.15/ksmbd-remove-unneeded-mark_inode_dirty-in-set_info_sec.patch
queue-5.15/ksmbd-fix-potential-double-free-on-smb2_read_pipe-error-path.patch
queue-5.15/ksmbd-remove-unused-ksmbd_tree_conn_share-function.patch
queue-5.15/ksmbd-block-asynchronous-requests-when-making-a-delay-on-session-setup.patch
queue-5.15/ksmbd-call-putname-after-using-the-last-component.patch
queue-5.15/ksmbd-don-t-open-code-file_path.patch
queue-5.15/ksmbd-fix-passing-freed-memory-aux_payload_buf.patch
queue-5.15/ksmbd-fill-sids-in-smb_find_file_posix_info-response.patch
queue-5.15/ksmbd-don-t-open-code-pd.patch
queue-5.15/ksmbd-shorten-experimental-warning-on-loading-the-module.patch
queue-5.15/ksmbd-remove-filename-in-ksmbd_file.patch
queue-5.15/ksmbd-move-oplock-handling-after-unlock-parent-dir.patch
queue-5.15/ksmbd-fix-race-condition-between-tree-conn-lookup-and-disconnect.patch
queue-5.15/ksmbd-smbd-introduce-read-write-credits-for-rdma-read-write.patch
queue-5.15/ksmbd-fix-slab-out-of-bounds-in-init_smb2_rsp_hdr.patch
queue-5.15/ksmbd-fix-recursive-locking-in-vfs-helpers.patch
queue-5.15/ksmbd-fix-some-kernel-doc-comments.patch
queue-5.15/ksmbd-use-struct_size-helper-in-ksmbd_negotiate_smb_dialect.patch
queue-5.15/ksmbd-smbd-relax-the-count-of-sges-required.patch
queue-5.15/ksmbd-fix-wrong-error-response-status-by-using-set_smb2_rsp_status.patch
queue-5.15/ksmbd-fix-spelling-mistake-excceed-exceeded.patch
queue-5.15/ksmbd-fix-null-pointer-dereferences-in-ksmbd_update_fstate.patch
queue-5.15/ksmbd-fix-encryption-failure-issue-for-session-logoff-response.patch
queue-5.15/ksmbd-prevent-memory-leak-on-error-return.patch
queue-5.15/ksmbd-fix-racy-issue-from-using-d_parent-and-d_name.patch
queue-5.15/ksmbd-change-security-id-to-the-one-samba-used-for-posix-extension.patch
queue-5.15/ksmbd-handle-malformed-smb1-message.patch
queue-5.15/ksmbd-don-t-update-op_state-as-oplock_state_none-on-error.patch
queue-5.15/ksmbd-smbd-fix-connection-dropped-issue.patch
queue-5.15/ksmbd-fix-racy-issue-from-smb2-close-and-logoff-with-multichannel.patch
queue-5.15/ksmbd-change-the-return-value-of-ksmbd_vfs_query_maximal_access-to-void.patch
queue-5.15/ksmbd-fix-slub-overflow-in-ksmbd_decode_ntlmssp_auth_blob.patch
queue-5.15/ksmbd-replace-one-element-array-with-flexible-array-member.patch
queue-5.15/ksmbd-fix-uninitialized-pointer-read-in-ksmbd_vfs_rename.patch
queue-5.15/ksmbd-replace-one-element-arrays-with-flexible-array-members.patch
queue-5.15/ksmbd-fix-unsigned-expression-compared-with-zero.patch
queue-5.15/ksmbd-implements-sess-ksmbd_chann_list-as-xarray.patch
queue-5.15/ksmbd-set-file-permission-mode-to-match-samba-server-posix-extension-behavior.patch
queue-5.15/ksmbd-fix-wrong-interim-response-on-compound.patch
queue-5.15/ksmbd-return-invalid-parameter-error-response-if-smb2-request-is-invalid.patch
queue-5.15/ksmbd-smbd-validate-buffer-descriptor-structures.patch
queue-5.15/ksmbd-fix-missing-rdma-capable-flag-for-ipoib-device-in-ksmbd_rdma_capable_netdev.patch
queue-5.15/ksmbd-send-proper-error-response-in-smb2_tree_connect.patch
queue-5.15/ksmbd-set-negotiatecontextcount-once-instead-of-every-inc.patch
queue-5.15/ksmbd-fix-typo-syncronous-synchronous.patch
queue-5.15/ksmbd-validate-share-name-from-share-config-response.patch
queue-5.15/ksmbd-fix-possible-deadlock-in-smb2_open.patch
queue-5.15/ksmbd-fix-multiple-out-of-bounds-read-during-context-decoding.patch
queue-5.15/ksmbd-add-missing-calling-smb2_set_err_rsp-on-error.patch
queue-5.15/ksmbd-remove-unused-ksmbd_share_configs_cleanup-function.patch
queue-5.15/ksmbd-fix-out-of-bound-read-in-parse_lease_state.patch
queue-5.15/ksmbd-remove-duplicated-codes.patch
queue-5.15/ksmbd-remove-a-redundant-zeroing-of-memory.patch
queue-5.15/ksmbd-change-leasekey-data-type-to-u8-array.patch
queue-5.15/ksmbd-add-support-for-read-compound.patch
queue-5.15/ksmbd-fix-kernel-doc-comment-of-ksmbd_vfs_setxattr.patch
queue-5.15/ksmbd-remove-unused-compression-negotiate-ctx-packing.patch
queue-5.15/ksmbd-switch-to-use-kmemdup_nul-helper.patch
queue-5.15/ksmbd-fix-race-condition-from-parallel-smb2-logoff-requests.patch
queue-5.15/ksmbd-fix-out-of-bound-read-in-deassemble_neg_contexts.patch
queue-5.15/ksmbd-remove-unnecessary-generic_fillattr-in-smb2_open.patch
queue-5.15/ksmbd-avoid-duplicate-negotiate-ctx-offset-increments.patch
queue-5.15/ksmbd-remove-experimental-warning.patch
queue-5.15/ksmbd-return-a-literal-instead-of-err-in-ksmbd_vfs_kern_path_locked.patch
queue-5.15/ksmbd-smbd-change-prototypes-of-rdma-read-write-related-functions.patch
queue-5.15/ksmbd-fix-out-of-bounds-in-init_smb2_rsp_hdr.patch
queue-5.15/ksmbd-fix-possible-memory-leak-in-smb2_lock.patch
queue-5.15/ksmbd-remove-unused-field-in-ksmbd_user-struct.patch
queue-5.15/ksmbd-fix-one-kernel-doc-comment.patch
queue-5.15/ksmbd-no-need-to-wait-for-binded-connection-termination-at-logoff.patch
queue-5.15/ksmbd-fix-race-condition-with-fp.patch
queue-5.15/ksmbd-fix-wrong-signingkey-creation-when-encryption-is-aes256.patch
queue-5.15/ksmbd-update-kconfig-to-note-kerberos-support-and-fix-indentation.patch
queue-5.15/ksmbd-move-setting-smb2_flags_async_command-and-asyncid.patch
queue-5.15/smb3-fix-ksmbd-bigendian-bug-in-oplock-break-and-move-its-struct-to-smbfs_common.patch
queue-5.15/ksmbd-store-fids-as-opaque-u64-integers.patch
queue-5.15/ksmbd-delete-asynchronous-work-from-list.patch
queue-5.15/ksmbd-use-kvzalloc-instead-of-kvmalloc.patch
queue-5.15/ksmbd-smbd-change-the-return-value-of-get_sg_list.patch
queue-5.15/ksmbd-add-missing-compound-request-handing-in-some-commands.patch
queue-5.15/ksmbd-remove-unused-is_char_allowed-function.patch
queue-5.15/ksmbd-use-oid-registry-functions-to-decode-oids.patch
queue-5.15/ksmbd-fix-kernel-doc-comment-of-ksmbd_vfs_kern_path_locked.patch
queue-5.15/ksmbd-use-wait_event-instead-of-schedule_timeout.patch
queue-5.15/ksmbd-check-if-a-mount-point-is-crossed-during-path-lookup.patch
queue-5.15/ksmbd-replace-the-ternary-conditional-operator-with-min.patch
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux