From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 16 Jul 2015 02:45:16 +0000 (+0200)
Subject: CVE-2016-2114: s4:smb2_server: fix session setup with required signing
X-Git-Tag: samba-4.2.10~142
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=141d4ac742b7c03cd2db560e7391cf9029014cc3;p=thirdparty%2Fsamba.git

CVE-2016-2114: s4:smb2_server: fix session setup with required signing

The client can't sign the session setup request...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c
index 35a14840300..36adafdb891 100644
--- a/source4/smb_server/smb2/sesssetup.c
+++ b/source4/smb_server/smb2/sesssetup.c
@@ -201,14 +201,6 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses
 	   set SMB2_NEGOTIATE_SIGNING_REQUIRED */
 	if (io->smb2.in.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
 		smb_sess->smb2_signing.required = true;
-	} else if (req->smb_conn->smb2_signing_required) {
-		/*
-		 * if required signing was negotiates in SMB2 Negotiate
-		 * then the client made an error not using it here
-		 */
-		DEBUG(1, ("SMB2 signing required on the connection but not used on session\n"));
-		req->status = NT_STATUS_FOOBAR;
-		goto failed;
 	}
 
 	/* disable receipt of more packets on this socket until we've