Diffstat (limited to 'fs/cifs/sess.c')
-rw-r--r--fs/cifs/sess.c45
1 files changed, 24 insertions, 21 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 4ec3ee9d72cc..551d0c2b9736 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -167,16 +167,16 @@ unicode_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp)
167 int bytes_ret = 0; 167 int bytes_ret = 0;
168 168
169 /* Copy OS version */ 169 /* Copy OS version */
170 bytes_ret = cifs_strtoUCS((__le16 *)bcc_ptr, "Linux version ", 32, 170 bytes_ret = cifs_strtoUTF16((__le16 *)bcc_ptr, "Linux version ", 32,
171 nls_cp); 171 nls_cp);
172 bcc_ptr += 2 * bytes_ret; 172 bcc_ptr += 2 * bytes_ret;
173 bytes_ret = cifs_strtoUCS((__le16 *) bcc_ptr, init_utsname()->release, 173 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, init_utsname()->release,
174 32, nls_cp); 174 32, nls_cp);
175 bcc_ptr += 2 * bytes_ret; 175 bcc_ptr += 2 * bytes_ret;
176 bcc_ptr += 2; /* trailing null */ 176 bcc_ptr += 2; /* trailing null */
177 177
178 bytes_ret = cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS, 178 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
179 32, nls_cp); 179 32, nls_cp);
180 bcc_ptr += 2 * bytes_ret; 180 bcc_ptr += 2 * bytes_ret;
181 bcc_ptr += 2; /* trailing null */ 181 bcc_ptr += 2; /* trailing null */
182 182
@@ -197,8 +197,8 @@ static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses,
197 *(bcc_ptr+1) = 0; 197 *(bcc_ptr+1) = 0;
198 bytes_ret = 0; 198 bytes_ret = 0;
199 } else 199 } else
200 bytes_ret = cifs_strtoUCS((__le16 *) bcc_ptr, ses->domainName, 200 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->domainName,
201 256, nls_cp); 201 256, nls_cp);
202 bcc_ptr += 2 * bytes_ret; 202 bcc_ptr += 2 * bytes_ret;
203 bcc_ptr += 2; /* account for null terminator */ 203 bcc_ptr += 2; /* account for null terminator */
204 204
@@ -226,8 +226,8 @@ static void unicode_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
226 *bcc_ptr = 0; 226 *bcc_ptr = 0;
227 *(bcc_ptr+1) = 0; 227 *(bcc_ptr+1) = 0;
228 } else { 228 } else {
229 bytes_ret = cifs_strtoUCS((__le16 *) bcc_ptr, ses->user_name, 229 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->user_name,
230 MAX_USERNAME_SIZE, nls_cp); 230 MAX_USERNAME_SIZE, nls_cp);
231 } 231 }
232 bcc_ptr += 2 * bytes_ret; 232 bcc_ptr += 2 * bytes_ret;
233 bcc_ptr += 2; /* account for null termination */ 233 bcc_ptr += 2; /* account for null termination */
@@ -246,16 +246,15 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
246 /* copy user */ 246 /* copy user */
247 /* BB what about null user mounts - check that we do this BB */ 247 /* BB what about null user mounts - check that we do this BB */
248 /* copy user */ 248 /* copy user */
249 if (ses->user_name != NULL) 249 if (ses->user_name != NULL) {
250 strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE); 250 strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE);
251 bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE);
252 }
251 /* else null user mount */ 253 /* else null user mount */
252
253 bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE);
254 *bcc_ptr = 0; 254 *bcc_ptr = 0;
255 bcc_ptr++; /* account for null termination */ 255 bcc_ptr++; /* account for null termination */
256 256
257 /* copy domain */ 257 /* copy domain */
258
259 if (ses->domainName != NULL) { 258 if (ses->domainName != NULL) {
260 strncpy(bcc_ptr, ses->domainName, 256); 259 strncpy(bcc_ptr, ses->domainName, 256);
261 bcc_ptr += strnlen(ses->domainName, 256); 260 bcc_ptr += strnlen(ses->domainName, 256);
@@ -287,7 +286,7 @@ decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses,
287 cFYI(1, "bleft %d", bleft); 286 cFYI(1, "bleft %d", bleft);
288 287
289 kfree(ses->serverOS); 288 kfree(ses->serverOS);
290 ses->serverOS = cifs_strndup_from_ucs(data, bleft, true, nls_cp); 289 ses->serverOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
291 cFYI(1, "serverOS=%s", ses->serverOS); 290 cFYI(1, "serverOS=%s", ses->serverOS);
292 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2; 291 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
293 data += len; 292 data += len;
@@ -296,7 +295,7 @@ decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses,
296 return; 295 return;
297 296
298 kfree(ses->serverNOS); 297 kfree(ses->serverNOS);
299 ses->serverNOS = cifs_strndup_from_ucs(data, bleft, true, nls_cp); 298 ses->serverNOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
300 cFYI(1, "serverNOS=%s", ses->serverNOS); 299 cFYI(1, "serverNOS=%s", ses->serverNOS);
301 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2; 300 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
302 data += len; 301 data += len;
@@ -305,7 +304,7 @@ decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses,
305 return; 304 return;
306 305
307 kfree(ses->serverDomain); 306 kfree(ses->serverDomain);
308 ses->serverDomain = cifs_strndup_from_ucs(data, bleft, true, nls_cp); 307 ses->serverDomain = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
309 cFYI(1, "serverDomain=%s", ses->serverDomain); 308 cFYI(1, "serverDomain=%s", ses->serverDomain);
310 309
311 return; 310 return;
@@ -395,6 +394,10 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
395 ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags); 394 ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags);
396 tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset); 395 tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
397 tilen = le16_to_cpu(pblob->TargetInfoArray.Length); 396 tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
397 if (tioffset > blob_len || tioffset + tilen > blob_len) {
398 cERROR(1, "tioffset + tilen too high %u + %u", tioffset, tilen);
399 return -EINVAL;
400 }
398 if (tilen) { 401 if (tilen) {
399 ses->auth_key.response = kmalloc(tilen, GFP_KERNEL); 402 ses->auth_key.response = kmalloc(tilen, GFP_KERNEL);
400 if (!ses->auth_key.response) { 403 if (!ses->auth_key.response) {
@@ -502,8 +505,8 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
502 tmp += 2; 505 tmp += 2;
503 } else { 506 } else {
504 int len; 507 int len;
505 len = cifs_strtoUCS((__le16 *)tmp, ses->domainName, 508 len = cifs_strtoUTF16((__le16 *)tmp, ses->domainName,
506 MAX_USERNAME_SIZE, nls_cp); 509 MAX_USERNAME_SIZE, nls_cp);
507 len *= 2; /* unicode is 2 bytes each */ 510 len *= 2; /* unicode is 2 bytes each */
508 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer); 511 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
509 sec_blob->DomainName.Length = cpu_to_le16(len); 512 sec_blob->DomainName.Length = cpu_to_le16(len);
@@ -518,8 +521,8 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
518 tmp += 2; 521 tmp += 2;
519 } else { 522 } else {
520 int len; 523 int len;
521 len = cifs_strtoUCS((__le16 *)tmp, ses->user_name, 524 len = cifs_strtoUTF16((__le16 *)tmp, ses->user_name,
522 MAX_USERNAME_SIZE, nls_cp); 525 MAX_USERNAME_SIZE, nls_cp);
523 len *= 2; /* unicode is 2 bytes each */ 526 len *= 2; /* unicode is 2 bytes each */
524 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer); 527 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
525 sec_blob->UserName.Length = cpu_to_le16(len); 528 sec_blob->UserName.Length = cpu_to_le16(len);
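Review bot: In decode_ntlmssp_challenge the new bounds check compares `tioffset` and `tioffset + tilen`, both read from the server's challenge blob, against `blob_len`, which the hunk header shows is a signed `int`; if the two values are unsigned (the `%u` in the cERROR suggests so), `blob_len` is converted to unsigned for the comparison, so the check only holds if earlier code outside this hunk guarantees `blob_len` is non-negative. The sum is also safe from wrap-around only because `tioffset > blob_len` is tested first and short-circuits. I would record both assumptions directly above the check, e.g. `/* server-supplied values; offset is tested first so tioffset + tilen cannot wrap */`. The function body starts and ends outside the hunk, so the declarations and the copy that consumes these values are not visible here.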