aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2012-01-17 16:09:15 -0500
committerSteve French <smfrench@gmail.com>2012-01-17 23:40:26 -0500
commit04febabcf55beeffb8794a0d8c539e571bd2ae29 (patch)
tree8727fdf5c811bab3d164293488cd5e1a3816276c
parent9f6ed2ca257fa8650b876377833e6f14e272848b (diff)
cifs: sanitize username handling
Currently, it's not very clear whether you're allowed to have a NULL vol->username or ses->user_name. Some places check for it and some don't. Make it clear that a NULL pointer is OK in these fields, and ensure that all the callers check for that. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
-rw-r--r--fs/cifs/cifs_spnego.c10
-rw-r--r--fs/cifs/cifsencrypt.c11
-rw-r--r--fs/cifs/connect.c19
3 files changed, 27 insertions, 13 deletions
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index 2272fd5fe5b7..e622863b292f 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -113,9 +113,11 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
113 MAX_MECH_STR_LEN + 113 MAX_MECH_STR_LEN +
114 UID_KEY_LEN + (sizeof(uid_t) * 2) + 114 UID_KEY_LEN + (sizeof(uid_t) * 2) +
115 CREDUID_KEY_LEN + (sizeof(uid_t) * 2) + 115 CREDUID_KEY_LEN + (sizeof(uid_t) * 2) +
116 USER_KEY_LEN + strlen(sesInfo->user_name) +
117 PID_KEY_LEN + (sizeof(pid_t) * 2) + 1; 116 PID_KEY_LEN + (sizeof(pid_t) * 2) + 1;
118 117
118 if (sesInfo->user_name)
119 desc_len += USER_KEY_LEN + strlen(sesInfo->user_name);
120
119 spnego_key = ERR_PTR(-ENOMEM); 121 spnego_key = ERR_PTR(-ENOMEM);
120 description = kzalloc(desc_len, GFP_KERNEL); 122 description = kzalloc(desc_len, GFP_KERNEL);
121 if (description == NULL) 123 if (description == NULL)
@@ -152,8 +154,10 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
152 dp = description + strlen(description); 154 dp = description + strlen(description);
153 sprintf(dp, ";creduid=0x%x", sesInfo->cred_uid); 155 sprintf(dp, ";creduid=0x%x", sesInfo->cred_uid);
154 156
155 dp = description + strlen(description); 157 if (sesInfo->user_name) {
156 sprintf(dp, ";user=%s", sesInfo->user_name); 158 dp = description + strlen(description);
159 sprintf(dp, ";user=%s", sesInfo->user_name);
160 }
157 161
158 dp = description + strlen(description); 162 dp = description + strlen(description);
159 sprintf(dp, ";pid=0x%x", current->pid); 163 sprintf(dp, ";pid=0x%x", current->pid);
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 5d9b9acc5fce..bce99e6a4950 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -420,15 +420,20 @@ static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
420 } 420 }
421 421
422 /* convert ses->user_name to unicode and uppercase */ 422 /* convert ses->user_name to unicode and uppercase */
423 len = strlen(ses->user_name); 423 len = ses->user_name ? strlen(ses->user_name) : 0;
424 user = kmalloc(2 + (len * 2), GFP_KERNEL); 424 user = kmalloc(2 + (len * 2), GFP_KERNEL);
425 if (user == NULL) { 425 if (user == NULL) {
426 cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n"); 426 cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n");
427 rc = -ENOMEM; 427 rc = -ENOMEM;
428 return rc; 428 return rc;
429 } 429 }
430 len = cifs_strtoUCS((__le16 *)user, ses->user_name, len, nls_cp); 430
431 UniStrupr(user); 431 if (len) {
432 len = cifs_strtoUCS((__le16 *)user, ses->user_name, len, nls_cp);
433 UniStrupr(user);
434 } else {
435 memset(user, '\0', 2);
436 }
432 437
433 rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, 438 rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
434 (char *)user, 2 * len); 439 (char *)user, 2 * len);
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index a66dcb52988c..b952a21e917b 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1997,10 +1997,16 @@ static int match_session(struct cifs_ses *ses, struct smb_vol *vol)
1997 return 0; 1997 return 0;
1998 break; 1998 break;
1999 default: 1999 default:
2000 /* NULL username means anonymous session */
2001 if (ses->user_name == NULL) {
2002 if (!vol->nullauth)
2003 return 0;
2004 break;
2005 }
2006
2000 /* anything else takes username/password */ 2007 /* anything else takes username/password */
2001 if (ses->user_name == NULL) 2008 if (strncmp(ses->user_name,
2002 return 0; 2009 vol->username ? vol->username : "",
2003 if (strncmp(ses->user_name, vol->username,
2004 MAX_USERNAME_SIZE)) 2010 MAX_USERNAME_SIZE))
2005 return 0; 2011 return 0;
2006 if (strlen(vol->username) != 0 && 2012 if (strlen(vol->username) != 0 &&
@@ -3167,10 +3173,9 @@ cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
3167 return -EINVAL; 3173 return -EINVAL;
3168 3174
3169 if (volume_info->nullauth) { 3175 if (volume_info->nullauth) {
3170 cFYI(1, "null user"); 3176 cFYI(1, "Anonymous login");
3171 volume_info->username = kzalloc(1, GFP_KERNEL); 3177 kfree(volume_info->username);
3172 if (volume_info->username == NULL) 3178 volume_info->username = NULL;
3173 return -ENOMEM;
3174 } else if (volume_info->username) { 3179 } else if (volume_info->username) {
3175 /* BB fixme parse for domain name here */ 3180 /* BB fixme parse for domain name here */
3176 cFYI(1, "Username: %s", volume_info->username); 3181 cFYI(1, "Username: %s", volume_info->username);