From 84bad74a21efbf32952e45bf9a77da7cd181d7fc Mon Sep 17 00:00:00 2001 From: Aurelien Aptel Date: Mon, 7 Jun 2021 02:00:31 +0000 Subject: [PATCH] cifs: set server->cipher_type to AES-128-CCM for SMB3.0 stable inclusion from stable-5.10.42 commit 3e5b48d9e713cb2fdc33a2b23acb9b3e48edf3af bugzilla: 55093 CVE: NA -------------------------------- commit 6d2fcfe6b517fe7cbf2687adfb0a16cdcd5d9243 upstream. SMB3.0 doesn't have encryption negotiate context but simply uses the SMB2_GLOBAL_CAP_ENCRYPTION flag. When that flag is present in the neg response cifs.ko uses AES-128-CCM which is the only cipher available in this context. cipher_type was set to the server cipher only when parsing encryption negotiate context (SMB3.1.1). For SMB3.0 it was set to 0. This means cipher_type value can be 0 or 1 for AES-128-CCM. Fix this by checking for SMB3.0 and encryption capability and setting cipher_type appropriately. Signed-off-by: Aurelien Aptel Cc: Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chen Jun Acked-by: Weilong Chen Signed-off-by: Zheng Zengkai --- fs/cifs/smb2pdu.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index d424f431263c..0ce92d958fd6 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -951,6 +951,13 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) /* Internal types */ server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES; + /* + * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context + * Set the cipher type manually. + */ + if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) + server->cipher_type = SMB2_ENCRYPTION_AES128_CCM; + security_blob = smb2_get_data_area_len(&blob_offset, &blob_length, (struct smb2_sync_hdr *)rsp); /* -- GitLab