From 59131d6c345864dcf1ed3331c52ce35ddc5db2dc Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Wed, 21 Jun 2023 15:10:58 +0200 Subject: [PATCH 3/5] CVE-2023-3347: smbd: inline smb2_srv_init_signing() code in srv_init_signing() It's now a one-line function, imho the overall code is simpler if that code is just inlined. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397 Signed-off-by: Ralph Boehme --- source3/smbd/proto.h | 2 -- source3/smbd/smb2_signing.c | 19 ++++++------------- 2 files changed, 6 insertions(+), 15 deletions(-) diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 3884617e77b..78e1b48be09 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -52,8 +52,6 @@ struct dcesrv_context; /* The following definitions come from smbd/smb2_signing.c */ -bool smb2_srv_init_signing(struct loadparm_context *lp_ctx, - struct smbXsrv_connection *conn); bool srv_init_signing(struct smbXsrv_connection *conn); /* The following definitions come from smbd/aio.c */ diff --git a/source3/smbd/smb2_signing.c b/source3/smbd/smb2_signing.c index c1f876f9cd7..ef4a54d5710 100644 --- a/source3/smbd/smb2_signing.c +++ b/source3/smbd/smb2_signing.c @@ -26,21 +26,10 @@ #include "lib/param/param.h" #include "smb2_signing.h" -bool smb2_srv_init_signing(struct loadparm_context *lp_ctx, - struct smbXsrv_connection *conn) -{ - /* - * For SMB2 all we need to know is if signing is mandatory. - * It is always allowed and desired, whatever the smb.conf says. - */ - (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory); - return true; -} - bool srv_init_signing(struct smbXsrv_connection *conn) { struct loadparm_context *lp_ctx = NULL; - bool ok; + bool ok = true; lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers()); if (lp_ctx == NULL) { @@ -51,7 +40,11 @@ bool srv_init_signing(struct smbXsrv_connection *conn) #if defined(WITH_SMB1SERVER) if (conn->protocol >= PROTOCOL_SMB2_02) { #endif - ok = smb2_srv_init_signing(lp_ctx, conn); + /* + * For SMB2 all we need to know is if signing is mandatory. + * It is always allowed and desired, whatever the smb.conf says. + */ + (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory); #if defined(WITH_SMB1SERVER) } else { ok = smb1_srv_init_signing(lp_ctx, conn); -- 2.39.3