
Commit 2838888f authored by Linus Torvalds's avatar Linus Torvalds
* git://git.samba.org/sfrench/cifs-2.6:
  cifs: Fix broken sec=ntlmv2/i sec option (try #2)
  Fix the conflict between rwpidforward and rw mount options
  CIFS: Fix ERR_PTR dereference in cifs_get_root
  cifs: fix possible memory corruption in CIFSFindNext
parents d006de93 cfbd6f84
+11 −43
@@ -351,9 +351,7 @@ static int
build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
{
{
	unsigned int dlen;
	unsigned int dlen;
	unsigned int wlen;
	unsigned int size = 2 * sizeof(struct ntlmssp2_name);
	unsigned int size = 6 * sizeof(struct ntlmssp2_name);
	__le64  curtime;
	char *defdmname = "WORKGROUP";
	char *defdmname = "WORKGROUP";
	unsigned char *blobptr;
	unsigned char *blobptr;
	struct ntlmssp2_name *attrptr;
	struct ntlmssp2_name *attrptr;
@@ -365,15 +363,14 @@ build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
	}
	}


	dlen = strlen(ses->domainName);
	dlen = strlen(ses->domainName);
	wlen = strlen(ses->server->hostname);


	/* The length of this blob is a size which is
	/*
	 * six times the size of a structure which holds name/size +
	 * The length of this blob is two times the size of a
	 * two times the unicode length of a domain name +
	 * structure (av pair) which holds name/size
	 * two times the unicode length of a server name +
	 * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
	 * size of a timestamp (which is 8 bytes).
	 * unicode length of a netbios domain name
	 */
	 */
	ses->auth_key.len = size + 2 * (2 * dlen) + 2 * (2 * wlen) + 8;
	ses->auth_key.len = size + 2 * dlen;
	ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
	ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
	if (!ses->auth_key.response) {
	if (!ses->auth_key.response) {
		ses->auth_key.len = 0;
		ses->auth_key.len = 0;
@@ -384,44 +381,15 @@ build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
	blobptr = ses->auth_key.response;
	blobptr = ses->auth_key.response;
	attrptr = (struct ntlmssp2_name *) blobptr;
	attrptr = (struct ntlmssp2_name *) blobptr;


	/*
	 * As defined in MS-NTLM 3.3.2, just this av pair field
	 * is sufficient as part of the temp
	 */
	attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME);
	attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME);
	attrptr->length = cpu_to_le16(2 * dlen);
	attrptr->length = cpu_to_le16(2 * dlen);
	blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
	blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
	cifs_strtoUCS((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
	cifs_strtoUCS((__le16 *)blobptr, ses->domainName, dlen, nls_cp);


	blobptr += 2 * dlen;
	attrptr = (struct ntlmssp2_name *) blobptr;

	attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_COMPUTER_NAME);
	attrptr->length = cpu_to_le16(2 * wlen);
	blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
	cifs_strtoUCS((__le16 *)blobptr, ses->server->hostname, wlen, nls_cp);

	blobptr += 2 * wlen;
	attrptr = (struct ntlmssp2_name *) blobptr;

	attrptr->type = cpu_to_le16(NTLMSSP_AV_DNS_DOMAIN_NAME);
	attrptr->length = cpu_to_le16(2 * dlen);
	blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
	cifs_strtoUCS((__le16 *)blobptr, ses->domainName, dlen, nls_cp);

	blobptr += 2 * dlen;
	attrptr = (struct ntlmssp2_name *) blobptr;

	attrptr->type = cpu_to_le16(NTLMSSP_AV_DNS_COMPUTER_NAME);
	attrptr->length = cpu_to_le16(2 * wlen);
	blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
	cifs_strtoUCS((__le16 *)blobptr, ses->server->hostname, wlen, nls_cp);

	blobptr += 2 * wlen;
	attrptr = (struct ntlmssp2_name *) blobptr;

	attrptr->type = cpu_to_le16(NTLMSSP_AV_TIMESTAMP);
	attrptr->length = cpu_to_le16(sizeof(__le64));
	blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
	curtime = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
	memcpy(blobptr, &curtime, sizeof(__le64));

	return 0;
	return 0;
}
}
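Review bot: The terminating NTLMSSP_AV_EOL pair is never written in build_avpair_blob; the new `size = 2 * sizeof(struct ntlmssp2_name)` reserves room for it, and the blob is only well-formed because `kzalloc` zero-fills the tail (presumably EOL is type 0, length 0). That dependency deserves a comment after the `cifs_strtoUCS()` call, for example `/* trailing NTLMSSP_AV_EOL pair is the zeroed tail from kzalloc */`, so a later switch to a non-zeroing allocation does not put uninitialised heap bytes into the auth blob. Separately, `attrptr->length` is set from `2 * dlen`, a byte count from `strlen`, while the return value of `cifs_strtoUCS()` is ignored; if the conversion can yield fewer 16-bit units than `dlen`, the advertised length would cover padding, which is worth confirming against that helper. The lines between the three hunks are not shown.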


+6 −4
@@ -548,6 +548,12 @@ cifs_get_root(struct smb_vol *vol, struct super_block *sb)
		struct inode *dir = dentry->d_inode;
		struct inode *dir = dentry->d_inode;
		struct dentry *child;
		struct dentry *child;


		if (!dir) {
			dput(dentry);
			dentry = ERR_PTR(-ENOENT);
			break;
		}

		/* skip separators */
		/* skip separators */
		while (*s == sep)
		while (*s == sep)
			s++;
			s++;
@@ -563,10 +569,6 @@ cifs_get_root(struct smb_vol *vol, struct super_block *sb)
		mutex_unlock(&dir->i_mutex);
		mutex_unlock(&dir->i_mutex);
		dput(dentry);
		dput(dentry);
		dentry = child;
		dentry = child;
		if (!dentry->d_inode) {
			dput(dentry);
			dentry = ERR_PTR(-ENOENT);
		}
	} while (!IS_ERR(dentry));
	} while (!IS_ERR(dentry));
	_FreeXid(xid);
	_FreeXid(xid);
	kfree(full_path);
	kfree(full_path);
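Review bot: The new guard at the top of the loop in cifs_get_root rejects only a negative dentry (`!dir`); a path component that resolves to a non-directory inode still reaches `dir->i_mutex` and the lookup that follows. The lookup call sits between the two hunks and is not shown, but if it dispatches through the parent inode's lookup operation, a regular file in the middle of the prefix path is not a valid parent for it. A second guard returning `-ENOTDIR`, placed directly after the `-ENOENT` one, would cover that case, as sketched below.

```c
		if (!dir) {
			/* … unchanged: dput and ERR_PTR(-ENOENT) bail-out … */
		}

		/* a non-directory component cannot be searched further */
		if (!S_ISDIR(dir->i_mode)) {
			dput(dentry);
			dentry = ERR_PTR(-ENOTDIR);
			break;
		}
```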
+2 −1
@@ -4079,7 +4079,8 @@ int CIFSFindNext(const int xid, struct cifs_tcon *tcon,
	T2_FNEXT_RSP_PARMS *parms;
	T2_FNEXT_RSP_PARMS *parms;
	char *response_data;
	char *response_data;
	int rc = 0;
	int rc = 0;
	int bytes_returned, name_len;
	int bytes_returned;
	unsigned int name_len;
	__u16 params, byte_count;
	__u16 params, byte_count;


	cFYI(1, "In FindNext");
	cFYI(1, "In FindNext");
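Review bot: The declaration of `name_len` in CIFSFindNext now carries the whole fix, yet nothing at the declaration says why it must be unsigned. The length check and the copy that use it are outside this hunk, so the reasoning is inferred from the commit title: presumably a negative value in a signed `name_len` would pass an upper-bound comparison and then be used as a copy length. A short comment such as `/* unsigned: a negative length must not pass the bound check before the copy */` would keep a later cleanup from folding it back into the `int` line.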
+2 −2
@@ -1298,7 +1298,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
			/* ignore */
			/* ignore */
		} else if (strnicmp(data, "guest", 5) == 0) {
		} else if (strnicmp(data, "guest", 5) == 0) {
			/* ignore */
			/* ignore */
		} else if (strnicmp(data, "rw", 2) == 0) {
		} else if (strnicmp(data, "rw", 2) == 0 && strlen(data) == 2) {
			/* ignore */
			/* ignore */
		} else if (strnicmp(data, "ro", 2) == 0) {
		} else if (strnicmp(data, "ro", 2) == 0) {
			/* ignore */
			/* ignore */
@@ -1401,7 +1401,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
			vol->server_ino = 1;
			vol->server_ino = 1;
		} else if (strnicmp(data, "noserverino", 9) == 0) {
		} else if (strnicmp(data, "noserverino", 9) == 0) {
			vol->server_ino = 0;
			vol->server_ino = 0;
		} else if (strnicmp(data, "rwpidforward", 4) == 0) {
		} else if (strnicmp(data, "rwpidforward", 12) == 0) {
			vol->rwpidforward = 1;
			vol->rwpidforward = 1;
		} else if (strnicmp(data, "cifsacl", 7) == 0) {
		} else if (strnicmp(data, "cifsacl", 7) == 0) {
			vol->cifs_acl = 1;
			vol->cifs_acl = 1;
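Review bot: The prefix-match problem fixed here for `rw` remains on neighbouring branches visible in these hunks of cifs_parse_mount_options: `strnicmp(data, "ro", 2) == 0` accepts any option that begins with "ro", and `strnicmp(data, "noserverino", 9)` compares only nine of the eleven characters. An option that is silently swallowed or mapped onto a different one is a configuration risk whenever the intended option was security-relevant. The same treatment fits, for example `} else if (strnicmp(data, "ro", 2) == 0 && strlen(data) == 2) {` and a compare length of 11 for `noserverino`. The option chain starts and ends outside the hunks, so other branches may need the same check.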