cifs: ignore everything in SPNEGO blob after mechTypes

We've had several reports of people attempting to mount Windows 8 shares
and getting failures with a return code of -EINVAL. The default sec=
mode changed recently to sec=ntlmssp. With that, we expect and parse a
SPNEGO blob from the server in the NEGOTIATE reply.

The current decode_negTokenInit function first parses all of the
mechTypes and then tries to parse the rest of the negTokenInit reply.
The parser however currently expects a mechListMIC or nothing to follow the
mechTypes, but Windows 8 puts a mechToken field there instead to carry
some info for the new NegoEx stuff.

In practice, we don't do anything with the fields after the mechTypes
anyway so I don't see any real benefit in continuing to parse them.
This patch just has the kernel ignore the fields after the mechTypes.
We'll probably need to reinstate some of this if we ever want to support
NegoEx.

Reported-by: Jason Burgess <jason@jacknife2.dns2go.com>
Reported-by: Yan Li <elliot.li.tech@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>

1 files changed, 5 insertions, 48 deletions

diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
index cfd1ce34e0bc..1d36db114772 100644
--- a/fs/cifs/asn1.c
+++ b/fs/cifs/asn1.c
@@ -614,53 +614,10 @@ decode_negTokenInit(unsigned char *security_blob, int length,
                 }
         }
 
-        /* mechlistMIC */
-        if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
-                /* Check if we have reached the end of the blob, but with
-                   no mechListMic (e.g. NTLMSSP instead of KRB5) */
-                if (ctx.error == ASN1_ERR_DEC_EMPTY)
-                        goto decode_negtoken_exit;
-                cFYI(1, "Error decoding last part negTokenInit exit3");
-                return 0;
-        } else if ((cls != ASN1_CTX) || (con != ASN1_CON)) {
-                /* tag = 3 indicating mechListMIC */
-                cFYI(1, "Exit 4 cls = %d con = %d tag = %d end = %p (%d)",
-                        cls, con, tag, end, *end);
-                return 0;
-        }
-
-        /* sequence */
-        if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
-                cFYI(1, "Error decoding last part negTokenInit exit5");
-                return 0;
-        } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
-                   || (tag != ASN1_SEQ)) {
-                cFYI(1, "cls = %d con = %d tag = %d end = %p (%d)",
-                        cls, con, tag, end, *end);
-        }
-
-        /* sequence of */
-        if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
-                cFYI(1, "Error decoding last part negTokenInit exit 7");
-                return 0;
-        } else if ((cls != ASN1_CTX) || (con != ASN1_CON)) {
-                cFYI(1, "Exit 8 cls = %d con = %d tag = %d end = %p (%d)",
-                        cls, con, tag, end, *end);
-                return 0;
-        }
-
-        /* general string */
-        if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
-                cFYI(1, "Error decoding last part negTokenInit exit9");
-                return 0;
-        } else if ((cls != ASN1_UNI) || (con != ASN1_PRI)
-                   || (tag != ASN1_GENSTR)) {
-                cFYI(1, "Exit10 cls = %d con = %d tag = %d end = %p (%d)",
-                        cls, con, tag, end, *end);
-                return 0;
-        }
-        cFYI(1, "Need to call asn1_octets_decode() function for %s",
-                ctx.pointer);   /* is this UTF-8 or ASCII? */
-decode_negtoken_exit:
+        /*
+         * We currently ignore anything at the end of the SPNEGO blob after
+         * the mechTypes have been parsed, since none of that info is
+         * used at the moment.
+         */
         return 1;
 }