diff options
author | Stefan Metzmacher <metze@samba.org> | 2016-04-20 11:26:57 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2016-07-05 09:21:54 +0200 |
commit | b9200a6fe1f2e78d714420d162e00590de6827b0 (patch) | |
tree | 9ffc8aeacd4427c4d91ca19ef3af084615218618 | |
parent | 7e73588cdd3280a1866c27a9309cb5fc65b21a00 (diff) | |
download | samba-b9200a6fe1f2e78d714420d162e00590de6827b0.tar.gz |
CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
Note real anonymous sessions (with "" as username) don't hit this
as we don't even call smb2cli_session_set_session_key() in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | libcli/smb/smbXcli_base.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index b07fdad6136..6797207cc90 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -4952,6 +4952,10 @@ bool smbXcli_session_is_guest(struct smbXcli_session *session) return false; } + if (session->conn->mandatory_signing) { + return false; + } + if (session->conn->protocol >= PROTOCOL_SMB2_02) { if (session->smb2->session_flags & SMB2_SESSION_FLAG_IS_GUEST) { return true; @@ -5177,7 +5181,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session, const struct iovec *recv_iov) { struct smbXcli_conn *conn = session->conn; - uint16_t no_sign_flags; + uint16_t no_sign_flags = 0; uint8_t session_key[16]; bool check_signature = true; uint32_t hdr_flags; @@ -5191,7 +5195,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session, return NT_STATUS_INVALID_PARAMETER_MIX; } - no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL; + if (!conn->mandatory_signing) { + /* + * only allow guest sessions without + * mandatory signing. + * + * If we try an authentication with username != "" + * and the server let us in without verifying the + * password we don't have a negotiated session key + * for signing. + */ + no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST; + } if (session->smb2->session_flags & no_sign_flags) { session->smb2->should_sign = false; |