Commit a5c62f48 authored by Aurelien Aptel's avatar Aurelien Aptel Committed by Steve French

CIFS: fix uninitialized ptr deref in smb2 signing

server->secmech.sdeschmacsha256 is not properly initialized before
smb2_shash_allocate(), set shash after that call.

also fix typo in error message

Fixes: 8de8c460 ("cifs: Fix validation of signed data in smb2")
Signed-off-by: default avatarAurelien Aptel <aaptel@suse.com>
Reviewed-by: default avatarPaulo Alcantara <palcantara@suse.com>
Reported-by: default avatarXiaoli Feng <xifeng@redhat.com>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
parent fd09b7d3
...@@ -171,7 +171,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) ...@@ -171,7 +171,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
struct kvec *iov = rqst->rq_iov; struct kvec *iov = rqst->rq_iov;
struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base; struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base;
struct cifs_ses *ses; struct cifs_ses *ses;
struct shash_desc *shash = &server->secmech.sdeschmacsha256->shash; struct shash_desc *shash;
struct smb_rqst drqst; struct smb_rqst drqst;
ses = smb2_find_smb_ses(server, shdr->SessionId); ses = smb2_find_smb_ses(server, shdr->SessionId);
...@@ -185,7 +185,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) ...@@ -185,7 +185,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
rc = smb2_crypto_shash_allocate(server); rc = smb2_crypto_shash_allocate(server);
if (rc) { if (rc) {
cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__); cifs_dbg(VFS, "%s: sha256 alloc failed\n", __func__);
return rc; return rc;
} }
...@@ -196,6 +196,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) ...@@ -196,6 +196,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
return rc; return rc;
} }
shash = &server->secmech.sdeschmacsha256->shash;
rc = crypto_shash_init(shash); rc = crypto_shash_init(shash);
if (rc) { if (rc) {
cifs_dbg(VFS, "%s: Could not init sha256", __func__); cifs_dbg(VFS, "%s: Could not init sha256", __func__);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment