From d2c3c0ccc6ec7f38b995545d31431d013bd7e047 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 4 Nov 2019 08:40:34 +0100
Subject: [PATCH 138/187] libcli:smb: Do not use gnutls_aead_cipher_encryptv2()
with GnuTLS 3.6.10
The gnutls_aead_cipher_encryptv2() implementation was released with a
bug. This wont be fixed before 3.6.11.
See https://gitlab.com/gnutls/gnutls/merge_requests/1085
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 176d0f0364bc1deb3c8df2f3bb928e01f89f216b)
---
libcli/smb/smb2_signing.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 166ab9d83ff..7561a7a858d 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -478,7 +478,9 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
0,
16 - iv_size);
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \
+ GNUTLS_VERSION_NUMBER > 0x03060a
{
uint8_t tag[tag_size];
giovec_t auth_iov[1];
@@ -679,7 +681,9 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
}
}
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \
+ GNUTLS_VERSION_NUMBER > 0x03060a
{
giovec_t auth_iov[1];
--
2.23.0