]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commit
SMB: Validate negotiate (to protect against downgrade) even if signing off
authorSteve French <smfrench@gmail.com>
Thu, 21 Sep 2017 00:57:18 +0000 (19:57 -0500)
committerSteve French <smfrench@gmail.com>
Thu, 21 Sep 2017 00:57:18 +0000 (19:57 -0500)
commit0603c96f3af50e2f9299fa410c224ab1d465e0f9
tree3c9642e348c9618d141e475102688be1846752cc
parentf5c4ba816315d3b813af16f5571f86c8d4e897bd
SMB: Validate negotiate (to protect against downgrade) even if signing off

As long as signing is supported (ie not a guest user connection) and
connection is SMB3 or SMB3.02, then validate negotiate (protect
against man in the middle downgrade attacks).  We had been doing this
only when signing was required, not when signing was just enabled,
but this more closely matches recommended SMB3 behavior and is
better security.  Suggested by Metze.

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Acked-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
CC: Stable <stable@vger.kernel.org>
fs/cifs/smb2pdu.c