lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 May 2022 16:18:22 -0400 From: Tom Talpey <tom@...pey.com> To: Paulo Alcantara <pc@....nz>, Steven French <sfrench@...ba.org>, Byron Stanoszek <gandalf@...ds.org> Cc: linux-cifs@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: CIFS regression mounting vers=1.0 NTLMSSP when hostname is too long On 5/4/2022 3:15 PM, Paulo Alcantara wrote: > Hi Steve, > > Steven French <sfrench@...ba.org> writes: > >> makes sense - do you see anything related in the NTLMSSP doc? > > I'll quote some relevant parts from MS-NLMP which make sense to me: > > 3.1.5.1.2 Client Receives a CHALLENGE_MESSAGE from the Server > ... > If the NTLMSSP_NEGOTIATE_VERSION flag is set by the client application, > the Version field MUST be set to the current version (section 2.2.2.10), > and the Workstation field MUST be set to NbMachineName. > > 3.2.1.1 Variables Internal to the Protocol > ... > NbMachineName: A string that indicates the NetBIOS machine name of the > server. > > 2.2.2.1 AV_PAIR > ... > MsvAvNbComputerName: The server's NetBIOS computer name. The name MUST > be in Unicode, and is not null-terminated. This type of information MUST > be present in the AV_pair list. > > and indeed we set NTLMSSP_NEGOTIATE_VERSION in > fs/cifs/sess.c:build_ntlmssp_smb3_negotiate_blob(). > > Unless I didn't miss anything obvious, I think we should be sending > NetBIOS name or simply truncate utsname()->nodename to 16 bytes as > previously proposed by Byron regardless what protocol version is being > used. > > Tom, what is your opinion on that? I think the most conservative and spec-compliant choice should be made. SMB1 should not be pushing the envelope of interoperability, in this day and age. I believe the NetBIOS name is a fixed array of 16 octets, right? So, if the nodename is shorter, it needs to be padded with 0's. Did this code change recently? Why??? Tom.
Powered by blists - more mailing lists