summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libcli/smb/smbXcli_base.c26
-rw-r--r--libcli/smb/smb_signing.c10
-rw-r--r--libcli/smb/smb_signing.h6
-rw-r--r--source3/smbd/signing.c10
4 files changed, 33 insertions, 19 deletions
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 37c738ebb6..29dba8cbc0 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -633,7 +633,10 @@ bool smb1cli_conn_activate_signing(struct smbXcli_conn *conn,
bool smb1cli_conn_check_signing(struct smbXcli_conn *conn,
const uint8_t *buf, uint32_t seqnum)
{
- return smb_signing_check_pdu(conn->smb1.signing, buf, seqnum);
+ const uint8_t *hdr = buf + NBT_HDR_SIZE;
+ size_t len = smb_len_nbt(buf);
+
+ return smb_signing_check_pdu(conn->smb1.signing, hdr, len, seqnum);
}
bool smb1cli_conn_signing_is_active(struct smbXcli_conn *conn)
@@ -1339,15 +1342,17 @@ static NTSTATUS smb1cli_conn_signv(struct smbXcli_conn *conn,
frame = talloc_stackframe();
- buf = smbXcli_iov_concat(frame, iov, iov_count);
+ buf = smbXcli_iov_concat(frame, &iov[1], iov_count - 1);
if (buf == NULL) {
return NT_STATUS_NO_MEMORY;
}
*seqnum = smb_signing_next_seqnum(conn->smb1.signing,
one_way_seqnum);
- smb_signing_sign_pdu(conn->smb1.signing, buf, *seqnum);
- memcpy(iov[1].iov_base, buf+4, iov[1].iov_len);
+ smb_signing_sign_pdu(conn->smb1.signing,
+ buf, talloc_get_size(buf),
+ *seqnum);
+ memcpy(iov[1].iov_base, buf, iov[1].iov_len);
TALLOC_FREE(frame);
return NT_STATUS_OK;
@@ -1776,7 +1781,8 @@ static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
uint8_t cmd;
uint16_t mid;
bool oplock_break;
- const uint8_t *inhdr = inbuf + NBT_HDR_SIZE;
+ uint8_t *inhdr = inbuf + NBT_HDR_SIZE;
+ size_t len = smb_len_nbt(inbuf);
struct iovec *iov = NULL;
int num_iov = 0;
struct tevent_req **chain = NULL;
@@ -1804,8 +1810,8 @@ static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
}
}
- state->smb1.recv_iov[0].iov_base = (void *)(inbuf + NBT_HDR_SIZE);
- state->smb1.recv_iov[0].iov_len = smb_len_nbt(inbuf);
+ state->smb1.recv_iov[0].iov_base = (void *)(inhdr);
+ state->smb1.recv_iov[0].iov_len = len;
ZERO_STRUCT(state->smb1.recv_iov[1]);
ZERO_STRUCT(state->smb1.recv_iov[2]);
@@ -1852,6 +1858,8 @@ static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
nt_errstr(status)));
return status;
}
+ inhdr = inbuf + NBT_HDR_SIZE;
+ len = smb_len_nbt(inbuf);
}
mid = SVAL(inhdr, HDR_MID);
@@ -1873,7 +1881,7 @@ static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
/*
* Paranoia checks that this is really an oplock break request.
*/
- oplock_break = (smb_len_nbt(inbuf) == 51); /* hdr + 8 words */
+ oplock_break = (len == 51); /* hdr + 8 words */
oplock_break &= ((CVAL(inhdr, HDR_FLG) & FLAG_REPLY) == 0);
oplock_break &= (CVAL(inhdr, HDR_COM) == SMBlockingX);
oplock_break &= (SVAL(inhdr, HDR_VWV+VWV(6)) == 0);
@@ -1890,7 +1898,7 @@ static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
if (!oplock_break /* oplock breaks are not signed */
&& !smb_signing_check_pdu(conn->smb1.signing,
- inbuf, state->smb1.seqnum+1)) {
+ inhdr, len, state->smb1.seqnum+1)) {
DEBUG(10, ("cli_check_sign_mac failed\n"));
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/libcli/smb/smb_signing.c b/libcli/smb/smb_signing.c
index 6c598f50f7..2f7e8702ba 100644
--- a/libcli/smb/smb_signing.c
+++ b/libcli/smb/smb_signing.c
@@ -216,13 +216,12 @@ void smb_signing_cancel_reply(struct smb_signing_state *si, bool oneway)
}
void smb_signing_sign_pdu(struct smb_signing_state *si,
- uint8_t *outbuf, uint32_t seqnum)
+ uint8_t *outhdr, size_t len,
+ uint32_t seqnum)
{
uint8_t calc_md5_mac[16];
uint8_t com;
uint8_t flags;
- uint8_t *outhdr = outbuf + NBT_HDR_SIZE;
- size_t len = smb_len_nbt(outbuf);
if (si->mac_key.length == 0) {
if (!si->negotiated) {
@@ -279,13 +278,12 @@ void smb_signing_sign_pdu(struct smb_signing_state *si,
}
bool smb_signing_check_pdu(struct smb_signing_state *si,
- const uint8_t *inbuf, uint32_t seqnum)
+ const uint8_t *inhdr, size_t len,
+ uint32_t seqnum)
{
bool good;
uint8_t calc_md5_mac[16];
const uint8_t *reply_sent_mac;
- const uint8_t *inhdr = inbuf + NBT_HDR_SIZE;
- size_t len = smb_len_nbt(inbuf);
if (si->mac_key.length == 0) {
return true;
diff --git a/libcli/smb/smb_signing.h b/libcli/smb/smb_signing.h
index b5deec6cde..1e9e1dd812 100644
--- a/libcli/smb/smb_signing.h
+++ b/libcli/smb/smb_signing.h
@@ -37,9 +37,11 @@ struct smb_signing_state *smb_signing_init_ex(TALLOC_CTX *mem_ctx,
uint32_t smb_signing_next_seqnum(struct smb_signing_state *si, bool oneway);
void smb_signing_cancel_reply(struct smb_signing_state *si, bool oneway);
void smb_signing_sign_pdu(struct smb_signing_state *si,
- uint8_t *outbuf, uint32_t seqnum);
+ uint8_t *outhdr, size_t len,
+ uint32_t seqnum);
bool smb_signing_check_pdu(struct smb_signing_state *si,
- const uint8_t *inbuf, uint32_t seqnum);
+ const uint8_t *inhdr, size_t len,
+ uint32_t seqnum);
bool smb_signing_activate(struct smb_signing_state *si,
const DATA_BLOB user_session_key,
const DATA_BLOB response);
diff --git a/source3/smbd/signing.c b/source3/smbd/signing.c
index 1661b1bebf..2b622244c9 100644
--- a/source3/smbd/signing.c
+++ b/source3/smbd/signing.c
@@ -66,7 +66,7 @@ bool srv_check_sign_mac(struct smbd_server_connection *conn,
*seqnum = smb_signing_next_seqnum(conn->smb1.signing_state, false);
return smb_signing_check_pdu(conn->smb1.signing_state,
- (const uint8_t *)inbuf,
+ inhdr, len,
*seqnum);
}
@@ -77,12 +77,18 @@ bool srv_check_sign_mac(struct smbd_server_connection *conn,
void srv_calculate_sign_mac(struct smbd_server_connection *conn,
char *outbuf, uint32_t seqnum)
{
+ uint8_t *outhdr;
+ size_t len;
+
/* Check if it's a non-session message. */
if(CVAL(outbuf,0)) {
return;
}
- smb_signing_sign_pdu(conn->smb1.signing_state, (uint8_t *)outbuf, seqnum);
+ len = smb_len(outbuf);
+ outhdr = (uint8_t *)outbuf + NBT_HDR_SIZE;
+
+ smb_signing_sign_pdu(conn->smb1.signing_state, outhdr, len, seqnum);
}