[SRU][Trusty][PATCH 0/1] SMB3: Validate negotiate request must always be signed

Joseph Salisbury joseph.salisbury at canonical.com
Tue Nov 14 20:09:11 UTC 2017


On 11/14/2017 12:37 PM, Kleber Souza wrote:
> On 11/03/17 17:49, Joseph Salisbury wrote:
>> BugLink: http://bugs.launchpad.net/bugs/1729337
>>
>> == SRU Justification ==
>> A regression was introduced in all Ubuntu kernels.  The regression was 
>> introduced in 3.13.0-135 for Trusty.  The 3.13.0-133 kernel did not exhibit the bug.  
>> It was found that the regression is fixed by mainline commit:
>> 4587eee04e2a ("SMB3: Validate negotiate request must always be signed").
> Hi Joseph,
>
> It's strange that reverting to 3.13.0-133 fixed the issue since there
> wasn't any cifs related change from 3.13.0-133 to 3.13.0-135. Also, on
> kernel bugzilla 197311 it's mentioned that this was introduced by
> 0603c96f upstream ("SMB: Validate negotiate (to protect against
> downgrade) even if signing off"), which was not backported for Trusty,
> but was for Xenial and Artful (which makes me also wonder if the other
> patch is really needed for Zesty).
Thanks for the review.  I'll confirm whether this commit is really
needed for Trusty or not.  If it isn't, I'll NAK the SRU request. 

>
>
> Kleber
>
>> This fix is required in all Ubuntu supported releases.  Commit 4587eee04e2a
>> landed in mainline as of 4.14-rc7.  It was also cc'd to upstream stable.  Upstream
>> 3.13 is EOL, which is the reason for this SRU request.
>>
>> == Fix ==
>> commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd
>> Author: Steve French <smfrench at gmail.com>
>> Date:   Wed Oct 25 15:58:31 2017 -0500
>>     SMB3: Validate negotiate request must always be signed
>>
>> == Regression Potential ==
>> This patch is to fix a regression.  It was also cc'd to upstream stable, so
>> it received additional review upstream.
>>
>> == Test Case ==
>> A test kernel was built with this patch and tested by the original bug reporter.
>> The bug reporter states the test kernel resolved the bug.
>>
>>
>> Steve French (1):
>>   SMB3: Validate negotiate request must always be signed
>>
>>  fs/cifs/smb2pdu.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>




