OpenAFS Master Repository branch, master, updated. openafs-devel-1_5_74_1-219-gb9ef205

Gerrit Code Review
Thu, 10 Jun 2010 09:52:34 -0700 (PDT)

The following commit has been merged in the master branch:
commit b9ef2051c5affe597995df530a386baaa9807a9e
Author: Jeffrey Altman <>
Date:   Wed Jun 9 13:55:14 2010 -0400

    Windows: Revise SMB QuerySecurityInfo for MS10-020
    MS10-020 ( has caused
    many problems for implementors of SMB 1.0 servers and applications
    that call GetFileSecurity() without checking the return code to
    determine if the call succeeded.  The gist of the vulnerability
    was that the SMB redirector would pass any buffer it received
    to the application regardless of whether or not it was valid.
    MS10-020 protects the applications by strictly validating the
    SMB response data structure and the data in the security descriptor
    that is returned.
    The problem for SMB 1.0 server implementors is that there have
    been at least three different protocol descriptions for
    NT_TRANSACT_QUERY_SECURITY_DESC published over the last decade
    and all of them are incomplete.  Therefore, just about no one but
    Microsoft has an SMB 1.0 server implementation that produces the
    exact out that they are expecting to validate.
    The end result is that in an attempt to protect applications from
    crashing due to invalid input being passed in directly caused
    dozens of applications to crash by not returning any security
    descriptor data at all.  Even when the applications didn't crash
    they might not have been able to save their data.  Cisco WAAS
    and NetApp DataOnTap systems were most adversely affected and
    they have had CIFS protocol licenses for many many years.
    To fix OpenAFS here is what needed to be done:
    1. Instead of returning a security descriptor that gives ownership
       to the NUL SID, give it to the Everyone SID and set the flag
       that states that everyone has full access.
    2. Validate the input parameters.  In particular, check to ensure
       that the SMB file descriptor is valid and the file has not
       been deleted.
    3. Enforce the maximum output data and parameter counts.
    4. Handle buffer overflow and buffertoosmall conditions
       in the manner that Microsoft expects them to be handled.
       In particular, note that the parameter data which is returned
       in the SMB Data Region is not counted in the Data Count.
       Even if MaxData is 0, we can still return parameters values
       as long as MaxParm is large enough.
    Change-Id: I95034bc6f24a282decc507edcffb93bc58b986be
    Tested-by: Jeffrey Altman <>
    Reviewed-by: Derrick Brashear <>
    Reviewed-by: Asanka Herath <>
    Reviewed-by: Jeffrey Altman <>

 src/WINNT/afsd/cm.h   |    1 +
 src/WINNT/afsd/smb.c  |    3 +
 src/WINNT/afsd/smb3.c |  158 ++++++++++++++++++++++++++++++++++++++----------
 3 files changed, 129 insertions(+), 33 deletions(-)

OpenAFS Master Repository