diff options
author | Jeff Layton <jlayton@redhat.com> | 2012-01-17 16:09:15 -0500 |
---|---|---|
committer | Steve French <smfrench@gmail.com> | 2012-01-17 23:40:26 -0500 |
commit | 04febabcf55beeffb8794a0d8c539e571bd2ae29 (patch) | |
tree | 8727fdf5c811bab3d164293488cd5e1a3816276c | |
parent | 9f6ed2ca257fa8650b876377833e6f14e272848b (diff) |
cifs: sanitize username handling
Currently, it's not very clear whether you're allowed to have a NULL
vol->username or ses->user_name. Some places check for it and some don't.
Make it clear that a NULL pointer is OK in these fields, and ensure that
all the callers check for that.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
-rw-r--r-- | fs/cifs/cifs_spnego.c | 10 | ||||
-rw-r--r-- | fs/cifs/cifsencrypt.c | 11 | ||||
-rw-r--r-- | fs/cifs/connect.c | 19 |
3 files changed, 27 insertions, 13 deletions
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c index 2272fd5fe5b7..e622863b292f 100644 --- a/fs/cifs/cifs_spnego.c +++ b/fs/cifs/cifs_spnego.c | |||
@@ -113,9 +113,11 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo) | |||
113 | MAX_MECH_STR_LEN + | 113 | MAX_MECH_STR_LEN + |
114 | UID_KEY_LEN + (sizeof(uid_t) * 2) + | 114 | UID_KEY_LEN + (sizeof(uid_t) * 2) + |
115 | CREDUID_KEY_LEN + (sizeof(uid_t) * 2) + | 115 | CREDUID_KEY_LEN + (sizeof(uid_t) * 2) + |
116 | USER_KEY_LEN + strlen(sesInfo->user_name) + | ||
117 | PID_KEY_LEN + (sizeof(pid_t) * 2) + 1; | 116 | PID_KEY_LEN + (sizeof(pid_t) * 2) + 1; |
118 | 117 | ||
118 | if (sesInfo->user_name) | ||
119 | desc_len += USER_KEY_LEN + strlen(sesInfo->user_name); | ||
120 | |||
119 | spnego_key = ERR_PTR(-ENOMEM); | 121 | spnego_key = ERR_PTR(-ENOMEM); |
120 | description = kzalloc(desc_len, GFP_KERNEL); | 122 | description = kzalloc(desc_len, GFP_KERNEL); |
121 | if (description == NULL) | 123 | if (description == NULL) |
@@ -152,8 +154,10 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo) | |||
152 | dp = description + strlen(description); | 154 | dp = description + strlen(description); |
153 | sprintf(dp, ";creduid=0x%x", sesInfo->cred_uid); | 155 | sprintf(dp, ";creduid=0x%x", sesInfo->cred_uid); |
154 | 156 | ||
155 | dp = description + strlen(description); | 157 | if (sesInfo->user_name) { |
156 | sprintf(dp, ";user=%s", sesInfo->user_name); | 158 | dp = description + strlen(description); |
159 | sprintf(dp, ";user=%s", sesInfo->user_name); | ||
160 | } | ||
157 | 161 | ||
158 | dp = description + strlen(description); | 162 | dp = description + strlen(description); |
159 | sprintf(dp, ";pid=0x%x", current->pid); | 163 | sprintf(dp, ";pid=0x%x", current->pid); |
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index 5d9b9acc5fce..bce99e6a4950 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c | |||
@@ -420,15 +420,20 @@ static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash, | |||
420 | } | 420 | } |
421 | 421 | ||
422 | /* convert ses->user_name to unicode and uppercase */ | 422 | /* convert ses->user_name to unicode and uppercase */ |
423 | len = strlen(ses->user_name); | 423 | len = ses->user_name ? strlen(ses->user_name) : 0; |
424 | user = kmalloc(2 + (len * 2), GFP_KERNEL); | 424 | user = kmalloc(2 + (len * 2), GFP_KERNEL); |
425 | if (user == NULL) { | 425 | if (user == NULL) { |
426 | cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n"); | 426 | cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n"); |
427 | rc = -ENOMEM; | 427 | rc = -ENOMEM; |
428 | return rc; | 428 | return rc; |
429 | } | 429 | } |
430 | len = cifs_strtoUCS((__le16 *)user, ses->user_name, len, nls_cp); | 430 | |
431 | UniStrupr(user); | 431 | if (len) { |
432 | len = cifs_strtoUCS((__le16 *)user, ses->user_name, len, nls_cp); | ||
433 | UniStrupr(user); | ||
434 | } else { | ||
435 | memset(user, '\0', 2); | ||
436 | } | ||
432 | 437 | ||
433 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, | 438 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
434 | (char *)user, 2 * len); | 439 | (char *)user, 2 * len); |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index a66dcb52988c..b952a21e917b 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -1997,10 +1997,16 @@ static int match_session(struct cifs_ses *ses, struct smb_vol *vol) | |||
1997 | return 0; | 1997 | return 0; |
1998 | break; | 1998 | break; |
1999 | default: | 1999 | default: |
2000 | /* NULL username means anonymous session */ | ||
2001 | if (ses->user_name == NULL) { | ||
2002 | if (!vol->nullauth) | ||
2003 | return 0; | ||
2004 | break; | ||
2005 | } | ||
2006 | |||
2000 | /* anything else takes username/password */ | 2007 | /* anything else takes username/password */ |
2001 | if (ses->user_name == NULL) | 2008 | if (strncmp(ses->user_name, |
2002 | return 0; | 2009 | vol->username ? vol->username : "", |
2003 | if (strncmp(ses->user_name, vol->username, | ||
2004 | MAX_USERNAME_SIZE)) | 2010 | MAX_USERNAME_SIZE)) |
2005 | return 0; | 2011 | return 0; |
2006 | if (strlen(vol->username) != 0 && | 2012 | if (strlen(vol->username) != 0 && |
@@ -3167,10 +3173,9 @@ cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data, | |||
3167 | return -EINVAL; | 3173 | return -EINVAL; |
3168 | 3174 | ||
3169 | if (volume_info->nullauth) { | 3175 | if (volume_info->nullauth) { |
3170 | cFYI(1, "null user"); | 3176 | cFYI(1, "Anonymous login"); |
3171 | volume_info->username = kzalloc(1, GFP_KERNEL); | 3177 | kfree(volume_info->username); |
3172 | if (volume_info->username == NULL) | 3178 | volume_info->username = NULL; |
3173 | return -ENOMEM; | ||
3174 | } else if (volume_info->username) { | 3179 | } else if (volume_info->username) { |
3175 | /* BB fixme parse for domain name here */ | 3180 | /* BB fixme parse for domain name here */ |
3176 | cFYI(1, "Username: %s", volume_info->username); | 3181 | cFYI(1, "Username: %s", volume_info->username); |