From: Stefan Metzmacher Date: Tue, 9 Mar 2021 22:54:04 +0000 (+0100) Subject: smb2_sesssetup: validate that sign_algo and encryption_cipher match on a session... X-Git-Tag: tevent-0.11.0~1479 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f43c15f627d25848622712f5d2e1bceeec72371;p=thirdparty%2Fsamba.git smb2_sesssetup: validate that sign_algo and encryption_cipher match on a session bind BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Mar 17 01:56:37 UTC 2021 on sn-devel-184 --- diff --git a/selftest/knownfail.d/smb2.session b/selftest/knownfail.d/smb2.session deleted file mode 100644 index 35ef1d743ee..00000000000 --- a/selftest/knownfail.d/smb2.session +++ /dev/null @@ -1 +0,0 @@ -^samba3.smb2.session.*.bind_negative_smb3encGtoC diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 38b0ccd4a72..09c9924a535 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -723,6 +723,20 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + if (smb2req->session->global->signing_algo + != smb2req->xconn->smb2.server.sign_algo) + { + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } + + if (smb2req->session->global->encryption_cipher + != smb2req->xconn->smb2.server.cipher) + { + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } + status = smbXsrv_session_find_channel(smb2req->session, smb2req->xconn, &c);