authorLinus Torvalds <torvalds@linux-foundation.org>2011-09-20 13:28:52 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2011-09-20 13:28:52 -0400
commit2838888f3f268344d42ac088c8abcff91c505ced (patch)
tree764c6557d37d6c80e4cbab852005c55f7b820b94
parentd006de93531a9876b26919e9d2bbf562654ab736 (diff)
parentcfbd6f84c2e26c13ded16b6bb0871edb7d75974f (diff)
Merge git://git.samba.org/sfrench/cifs-2.6
* git://git.samba.org/sfrench/cifs-2.6: cifs: Fix broken sec=ntlmv2/i sec option (try #2) Fix the conflict between rwpidforward and rw mount options CIFS: Fix ERR_PTR dereference in cifs_get_root cifs: fix possible memory corruption in CIFSFindNext
-rw-r--r--fs/cifs/cifsencrypt.c54
-rw-r--r--fs/cifs/cifsfs.c10
-rw-r--r--fs/cifs/cifssmb.c3
-rw-r--r--fs/cifs/connect.c4
4 files changed, 21 insertions, 50 deletions
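--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -351,9 +351,7 @@ static int
 build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
 {
  unsigned int dlen;
- unsigned int wlen;
- unsigned int size = 6 * sizeof(struct ntlmssp2_name);
- __le64 curtime;
+ unsigned int size = 2 * sizeof(struct ntlmssp2_name);
  char *defdmname = "WORKGROUP";
  unsigned char *blobptr;
  struct ntlmssp2_name *attrptr;
@@ -365,15 +363,14 @@ build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
  }
 
  dlen = strlen(ses->domainName);
- wlen = strlen(ses->server->hostname);
 
- /* The length of this blob is a size which is
- * six times the size of a structure which holds name/size +
- * two times the unicode length of a domain name +
- * two times the unicode length of a server name +
- * size of a timestamp (which is 8 bytes).
+ /*
+ * The length of this blob is two times the size of a
+ * structure (av pair) which holds name/size
+ * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
+ * unicode length of a netbios domain name
  */
- ses->auth_key.len = size + 2 * (2 * dlen) + 2 * (2 * wlen) + 8;
+ ses->auth_key.len = size + 2 * dlen;
  ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
  if (!ses->auth_key.response) {
  ses->auth_key.len = 0;
@@ -384,44 +381,15 @@ build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
  blobptr = ses->auth_key.response;
  attrptr = (struct ntlmssp2_name *) blobptr;
 
+ /*
+ * As defined in MS-NTLM 3.3.2, just this av pair field
+ * is sufficient as part of the temp
+ */
  attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME);
  attrptr->length = cpu_to_le16(2 * dlen);
  blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
  cifs_strtoUCS((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
 
- blobptr += 2 * dlen;
- attrptr = (struct ntlmssp2_name *) blobptr;
-
- attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_COMPUTER_NAME);
- attrptr->length = cpu_to_le16(2 * wlen);
- blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
- cifs_strtoUCS((__le16 *)blobptr, ses->server->hostname, wlen, nls_cp);
-
- blobptr += 2 * wlen;
- attrptr = (struct ntlmssp2_name *) blobptr;
-
- attrptr->type = cpu_to_le16(NTLMSSP_AV_DNS_DOMAIN_NAME);
- attrptr->length = cpu_to_le16(2 * dlen);
- blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
- cifs_strtoUCS((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
-
- blobptr += 2 * dlen;
- attrptr = (struct ntlmssp2_name *) blobptr;
-
- attrptr->type = cpu_to_le16(NTLMSSP_AV_DNS_COMPUTER_NAME);
- attrptr->length = cpu_to_le16(2 * wlen);
- blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
- cifs_strtoUCS((__le16 *)blobptr, ses->server->hostname, wlen, nls_cp);
-
- blobptr += 2 * wlen;
- attrptr = (struct ntlmssp2_name *) blobptr;
-
- attrptr->type = cpu_to_le16(NTLMSSP_AV_TIMESTAMP);
- attrptr->length = cpu_to_le16(sizeof(__le64));
- blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
- curtime = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
- memcpy(blobptr, &curtime, sizeof(__le64));
-
  return 0;
 }
 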
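Review bot: The terminating NTLMSSP_AV_EOL pair is never written in the new body of build_avpair_blob; it exists only because `kzalloc` zero-fills the second `sizeof(struct ntlmssp2_name)` counted in `size`. A comment before `return 0;`, such as `/* trailing av pair is NTLMSSP_AV_EOL (type 0, length 0): left zeroed by kzalloc */`, would keep a later switch to a non-zeroing allocator from putting uninitialised heap bytes into the authentication blob. If cifs_strtoUCS stores a terminator after the converted characters (its body is not shown here), those bytes land in that trailing pair too, which is a second reason to document the layout. Separately, `attrptr->length = cpu_to_le16(2 * dlen)` truncates silently once `2 * dlen` no longer fits in 16 bits while `auth_key.len` keeps the full value; the bound on `ses->domainName` is not visible in these hunks and is worth confirming where the name is set.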
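--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -548,6 +548,12 @@ cifs_get_root(struct smb_vol *vol, struct super_block *sb)
  struct inode *dir = dentry->d_inode;
  struct dentry *child;
 
+ if (!dir) {
+ dput(dentry);
+ dentry = ERR_PTR(-ENOENT);
+ break;
+ }
+
  /* skip separators */
  while (*s == sep)
  s++;
@@ -563,10 +569,6 @@ cifs_get_root(struct smb_vol *vol, struct super_block *sb)
  mutex_unlock(&dir->i_mutex);
  dput(dentry);
  dentry = child;
- if (!dentry->d_inode) {
- dput(dentry);
- dentry = ERR_PTR(-ENOENT);
- }
  } while (!IS_ERR(dentry));
  _FreeXid(xid);
  kfree(full_path);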
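Review bot: The new guard at the top of the loop rejects a negative dentry but not a positive one whose inode is not a directory, so a prefix-path component that resolves to a regular file still has its `i_mutex` taken and is used as the parent for the next lookup. The path being walked comes from the mount source, which the server side influences, so I would reject that case explicitly with -ENOTDIR right after the `!dir` check. The lookup call itself sits between the two hunks and is not visible here, so confirm it does not already perform this check.

```c
		if (!dir) {
			/* … unchanged: dput, ERR_PTR(-ENOENT), break … */
		}

		if (!S_ISDIR(dir->i_mode)) {
			dput(dentry);
			dentry = ERR_PTR(-ENOTDIR);
			break;
		}
```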
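--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -4079,7 +4079,8 @@ int CIFSFindNext(const int xid, struct cifs_tcon *tcon,
  T2_FNEXT_RSP_PARMS *parms;
  char *response_data;
  int rc = 0;
- int bytes_returned, name_len;
+ int bytes_returned;
+ unsigned int name_len;
  __u16 params, byte_count;
 
  cFYI(1, "In FindNext");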
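Review bot: Nothing at the declaration of `name_len` says that its signedness is what protects the later copy. The merge message describes this as the CIFSFindNext memory-corruption fix, but the bound check and the copy that use `name_len` are outside this hunk. A future cleanup that folds the variable back into an `int` declaration would reintroduce the problem without any warning. I would add a comment on the new line, for example `unsigned int name_len; /* unsigned: a negative length must not pass the upper-bound check before the copy */`. It is also worth checking that the value assigned to it at the use site is not itself a signed field, since the conversion would then only hide the sign rather than validate it.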
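--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1298,7 +1298,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
  /* ignore */
  } else if (strnicmp(data, "guest", 5) == 0) {
  /* ignore */
- } else if (strnicmp(data, "rw", 2) == 0) {
+ } else if (strnicmp(data, "rw", 2) == 0 && strlen(data) == 2) {
  /* ignore */
  } else if (strnicmp(data, "ro", 2) == 0) {
  /* ignore */
@@ -1401,7 +1401,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
  vol->server_ino = 1;
  } else if (strnicmp(data, "noserverino", 9) == 0) {
  vol->server_ino = 0;
- } else if (strnicmp(data, "rwpidforward", 4) == 0) {
+ } else if (strnicmp(data, "rwpidforward", 12) == 0) {
  vol->rwpidforward = 1;
  } else if (strnicmp(data, "cifsacl", 7) == 0) {
  vol->cifs_acl = 1;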
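Review bot: The prefix-match hazard fixed here for `rw` remains on neighbouring branches. In the first hunk, `strnicmp(data, "ro", 2) == 0` still accepts any option that merely begins with "ro" and silently ignores it. In the second hunk, `strnicmp(data, "noserverino", 9)` compares only nine of the eleven characters. In a mount-option parser a silently swallowed option can leave the mount with different settings than the administrator requested, so I would make these exact as well, e.g. `} else if (strnicmp(data, "ro", 2) == 0 && strlen(data) == 2) {`. cifs_parse_mount_options starts and ends outside both hunks, so whether any later branch relies on the current ordering cannot be confirmed from here.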