samba/sme10/CVE-2017-12151.patch

From be03c9118e812f93d50c71294fbf9f12bcf2a7f1 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 14 Aug 2017 12:13:18 +0200
Subject: [PATCH 1/2] CVE-2017-12151: s3:libsmb: add
 cli_state_is_encryption_on() helper function

This allows to check if the current cli_state uses encryption
(either via unix extentions or via SMB3).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source3/libsmb/clientgen.c | 13 +++++++++++++
 source3/libsmb/proto.h     |  1 +
 2 files changed, 14 insertions(+)

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index bc5c1b1ce3c..3e8523e5ce8 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -339,6 +339,19 @@ uint32_t cli_getpid(struct cli_state *cli)
        return cli->smb1.pid;
 }
 
+bool cli_state_is_encryption_on(struct cli_state *cli)
+{
+       if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+               return smb1cli_conn_encryption_on(cli->conn);
+       }
+
+       if (cli->smb2.tcon == NULL) {
+               return false;
+       }
+
+       return smb2cli_tcon_is_encryption_on(cli->smb2.tcon);
+}
+
 bool cli_state_has_tcon(struct cli_state *cli)
 {
        uint16_t tid = cli_state_get_tid(cli);
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index 764f3fc1b12..67fa43e4e4a 100644
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -195,6 +195,7 @@ const char *cli_state_remote_realm(struct cli_state *cli);
 uint16_t cli_state_get_vc_num(struct cli_state *cli);
 uint32_t cli_setpid(struct cli_state *cli, uint32_t pid);
 uint32_t cli_getpid(struct cli_state *cli);
+bool cli_state_is_encryption_on(struct cli_state *cli);
 bool cli_state_has_tcon(struct cli_state *cli);
 uint16_t cli_state_get_tid(struct cli_state *cli);
 uint16_t cli_state_set_tid(struct cli_state *cli, uint16_t tid);
-- 
2.13.5


From 16d3c8288ae78a686715c242293691c00ec6d7a5 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 17 Dec 2016 10:36:49 +0100
Subject: [PATCH 2/2] CVE-2017-12151: s3:libsmb: make use of
 cli_state_is_encryption_on()

This will keep enforced encryption across dfs referrals.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source3/libsmb/clidfs.c         | 4 ++--
 source3/libsmb/libsmb_context.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index c477d7c6a46..99818a681e3 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -980,7 +980,7 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
                             "IPC$",
                             dfs_auth_info,
                             false,
-                            smb1cli_conn_encryption_on(rootcli->conn),
+                            cli_state_is_encryption_on(rootcli),
                             smbXcli_conn_protocol(rootcli->conn),
                             0,
                             0x20,
@@ -1038,7 +1038,7 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
                                dfs_refs[count].share,
                                dfs_auth_info,
                                false,
-                               smb1cli_conn_encryption_on(rootcli->conn),
+                               cli_state_is_encryption_on(rootcli),
                                smbXcli_conn_protocol(rootcli->conn),
                                0,
                                0x20,
diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
index ed6ca2b1b9f..b55cf1e2d15 100644
--- a/source3/libsmb/libsmb_context.c
+++ b/source3/libsmb/libsmb_context.c
@@ -486,7 +486,7 @@ smbc_option_get(SMBCCTX *context,
 
                 for (s = context->internal->servers; s; s = s->next) {
                         num_servers++;
-                        if (!smb1cli_conn_encryption_on(s->cli->conn)) {
+                        if (!cli_state_is_encryption_on(s->cli)) {
                                 return (void *)false;
                         }
                 }
-- 
2.13.5

1	From be03c9118e812f93d50c71294fbf9f12bcf2a7f1 Mon Sep 17 00:00:00 2001
2	From: Stefan Metzmacher <metze@samba.org>
3	Date: Mon, 14 Aug 2017 12:13:18 +0200
4	Subject: [PATCH 1/2] CVE-2017-12151: s3:libsmb: add
5	cli_state_is_encryption_on() helper function
6
7	This allows to check if the current cli_state uses encryption
8	(either via unix extentions or via SMB3).
9
10	BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
11
12	Signed-off-by: Stefan Metzmacher <metze@samba.org>
13	---
14	source3/libsmb/clientgen.c \| 13 +++++++++++++
15	source3/libsmb/proto.h \| 1 +
16	2 files changed, 14 insertions(+)
17
18	diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
19	index bc5c1b1ce3c..3e8523e5ce8 100644
20	--- a/source3/libsmb/clientgen.c
21	+++ b/source3/libsmb/clientgen.c
22	@@ -339,6 +339,19 @@ uint32_t cli_getpid(struct cli_state *cli)
23	return cli->smb1.pid;
24	}
25
26	+bool cli_state_is_encryption_on(struct cli_state *cli)
27	+{
28	+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
29	+ return smb1cli_conn_encryption_on(cli->conn);
30	+ }
31	+
32	+ if (cli->smb2.tcon == NULL) {
33	+ return false;
34	+ }
35	+
36	+ return smb2cli_tcon_is_encryption_on(cli->smb2.tcon);
37	+}
38	+
39	bool cli_state_has_tcon(struct cli_state *cli)
40	{
41	uint16_t tid = cli_state_get_tid(cli);
42	diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
43	index 764f3fc1b12..67fa43e4e4a 100644
44	--- a/source3/libsmb/proto.h
45	+++ b/source3/libsmb/proto.h
46	@@ -195,6 +195,7 @@ const char cli_state_remote_realm(struct cli_state cli);
47	uint16_t cli_state_get_vc_num(struct cli_state *cli);
48	uint32_t cli_setpid(struct cli_state *cli, uint32_t pid);
49	uint32_t cli_getpid(struct cli_state *cli);
50	+bool cli_state_is_encryption_on(struct cli_state *cli);
51	bool cli_state_has_tcon(struct cli_state *cli);
52	uint16_t cli_state_get_tid(struct cli_state *cli);
53	uint16_t cli_state_set_tid(struct cli_state *cli, uint16_t tid);
54	--
55	2.13.5
56
57
58	From 16d3c8288ae78a686715c242293691c00ec6d7a5 Mon Sep 17 00:00:00 2001
59	From: Stefan Metzmacher <metze@samba.org>
60	Date: Sat, 17 Dec 2016 10:36:49 +0100
61	Subject: [PATCH 2/2] CVE-2017-12151: s3:libsmb: make use of
62	cli_state_is_encryption_on()
63
64	This will keep enforced encryption across dfs referrals.
65
66	BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
67
68	Signed-off-by: Stefan Metzmacher <metze@samba.org>
69	---
70	source3/libsmb/clidfs.c \| 4 ++--
71	source3/libsmb/libsmb_context.c \| 2 +-
72	2 files changed, 3 insertions(+), 3 deletions(-)
73
74	diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
75	index c477d7c6a46..99818a681e3 100644
76	--- a/source3/libsmb/clidfs.c
77	+++ b/source3/libsmb/clidfs.c
78	@@ -980,7 +980,7 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
79	"IPC$",
80	dfs_auth_info,
81	false,
82	- smb1cli_conn_encryption_on(rootcli->conn),
83	+ cli_state_is_encryption_on(rootcli),
84	smbXcli_conn_protocol(rootcli->conn),
85	0,
86	0x20,
87	@@ -1038,7 +1038,7 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
88	dfs_refs[count].share,
89	dfs_auth_info,
90	false,
91	- smb1cli_conn_encryption_on(rootcli->conn),
92	+ cli_state_is_encryption_on(rootcli),
93	smbXcli_conn_protocol(rootcli->conn),
94	0,
95	0x20,
96	diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
97	index ed6ca2b1b9f..b55cf1e2d15 100644
98	--- a/source3/libsmb/libsmb_context.c
99	+++ b/source3/libsmb/libsmb_context.c
100	@@ -486,7 +486,7 @@ smbc_option_get(SMBCCTX *context,
101
102	for (s = context->internal->servers; s; s = s->next) {
103	num_servers++;
104	- if (!smb1cli_conn_encryption_on(s->cli->conn)) {
105	+ if (!cli_state_is_encryption_on(s->cli)) {
106	return (void *)false;
107	}
108	}
109	--
110	2.13.5
111