On Tue, Oct 31, 2017 at 03:02:11PM +0200, Thomas Backlund wrote: > Den 31.10.2017 kl. 11:55, skrev Greg Kroah-Hartman: > > 4.13-stable review patch. If anyone has any objections, please let me know. > > > > ------------------ > > > > From: Steve French <smfrench@xxxxxxxxx> > > > > commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd upstream. > > > > According to MS-SMB2 3.2.55 validate_negotiate request must > > always be signed. Some Windows can fail the request if you send it unsigned > > > > See kernel bugzilla bug 197311 > > > > Acked-by: Ronnie Sahlberg <lsahlber.redhat.com> > > Signed-off-by: Steve French <smfrench@xxxxxxxxx> > > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > > > > --- > > fs/cifs/smb2pdu.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > --- a/fs/cifs/smb2pdu.c > > +++ b/fs/cifs/smb2pdu.c > > @@ -1963,6 +1963,9 @@ SMB2_ioctl(const unsigned int xid, struc > > } else > > iov[0].iov_len = get_rfc1002_length(req) + 4; > > + /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */ > > + if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) > > + req->hdr.sync_hdr.Flags |= SMB2_FLAGS_SIGNED; > > rc = SendReceive2(xid, ses, iov, n_iov, &resp_buftype, flags, &rsp_iov); > > cifs_small_buf_release(req); > > > > > > > > This one needs to be backported to all stable kernels as the commit that > introduced the regression: > ' > 0603c96f3af50e2f9299fa410c224ab1d465e0f9 > SMB: Validate negotiate (to protect against downgrade) even if signing off > > is backported in stable trees as of: 4.9.53, 4.4.90, 3.18.73 Thanks, I originally tried to backport this, but it applied in an odd way. I've fixed it up by hand now. greg k-h