This is a note to let you know that I've just added the patch titled SMB3: Validate negotiate request must always be signed to the 4.13-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: smb3-validate-negotiate-request-must-always-be-signed.patch and it can be found in the queue-4.13 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd Mon Sep 17 00:00:00 2001 From: Steve French <smfrench@xxxxxxxxx> Date: Wed, 25 Oct 2017 15:58:31 -0500 Subject: SMB3: Validate negotiate request must always be signed From: Steve French <smfrench@xxxxxxxxx> commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd upstream. According to MS-SMB2 3.2.55 validate_negotiate request must always be signed. Some Windows can fail the request if you send it unsigned See kernel bugzilla bug 197311 Acked-by: Ronnie Sahlberg <lsahlber.redhat.com> Signed-off-by: Steve French <smfrench@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/cifs/smb2pdu.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1963,6 +1963,9 @@ SMB2_ioctl(const unsigned int xid, struc } else iov[0].iov_len = get_rfc1002_length(req) + 4; + /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */ + if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) + req->hdr.sync_hdr.Flags |= SMB2_FLAGS_SIGNED; rc = SendReceive2(xid, ses, iov, n_iov, &resp_buftype, flags, &rsp_iov); cifs_small_buf_release(req); Patches currently in stable-queue which might be from smfrench@xxxxxxxxx are queue-4.13/cifs-fix-null-pointer-deref-on-smb2_tcon-failure.patch queue-4.13/cifs-select-all-required-crypto-modules.patch queue-4.13/smb3-validate-negotiate-request-must-always-be-signed.patch queue-4.13/fix-encryption-labels-and-lengths-for-smb3.1.1.patch