aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-11-10 00:59:35 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2012-11-10 00:59:35 -0500
commitaffd9a8dbc22beadae1186aa060685d6f6a06792 (patch)
tree38979f4809c5364420035a036b594fef2d7fc539 /fs
parent487bda54d776f2ff094b5498429c1a85da165723 (diff)
parent3798f47aa276b332c30da499cb4df4577e2f8872 (diff)
Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Jeff Layton. * 'for-linus' of git://git.samba.org/sfrench/cifs-2.6: cifs: Do not lookup hashed negative dentry in cifs_atomic_open cifs: fix potential buffer overrun in cifs.idmap handling code
Diffstat (limited to 'fs')
-rw-r--r--fs/cifs/cifsacl.c49
-rw-r--r--fs/cifs/dir.c11
2 files changed, 30 insertions, 30 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index fc783e264420..0fb15bbbe43c 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -225,6 +225,13 @@ sid_to_str(struct cifs_sid *sidptr, char *sidstr)
225} 225}
226 226
227static void 227static void
228cifs_copy_sid(struct cifs_sid *dst, const struct cifs_sid *src)
229{
230 memcpy(dst, src, sizeof(*dst));
231 dst->num_subauth = min_t(u8, src->num_subauth, NUM_SUBAUTHS);
232}
233
234static void
228id_rb_insert(struct rb_root *root, struct cifs_sid *sidptr, 235id_rb_insert(struct rb_root *root, struct cifs_sid *sidptr,
229 struct cifs_sid_id **psidid, char *typestr) 236 struct cifs_sid_id **psidid, char *typestr)
230{ 237{
@@ -248,7 +255,7 @@ id_rb_insert(struct rb_root *root, struct cifs_sid *sidptr,
248 } 255 }
249 } 256 }
250 257
251 memcpy(&(*psidid)->sid, sidptr, sizeof(struct cifs_sid)); 258 cifs_copy_sid(&(*psidid)->sid, sidptr);
252 (*psidid)->time = jiffies - (SID_MAP_RETRY + 1); 259 (*psidid)->time = jiffies - (SID_MAP_RETRY + 1);
253 (*psidid)->refcount = 0; 260 (*psidid)->refcount = 0;
254 261
@@ -354,7 +361,7 @@ id_to_sid(unsigned long cid, uint sidtype, struct cifs_sid *ssid)
354 * any fields of the node after a reference is put . 361 * any fields of the node after a reference is put .
355 */ 362 */
356 if (test_bit(SID_ID_MAPPED, &psidid->state)) { 363 if (test_bit(SID_ID_MAPPED, &psidid->state)) {
357 memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid)); 364 cifs_copy_sid(ssid, &psidid->sid);
358 psidid->time = jiffies; /* update ts for accessing */ 365 psidid->time = jiffies; /* update ts for accessing */
359 goto id_sid_out; 366 goto id_sid_out;
360 } 367 }
@@ -370,14 +377,14 @@ id_to_sid(unsigned long cid, uint sidtype, struct cifs_sid *ssid)
370 if (IS_ERR(sidkey)) { 377 if (IS_ERR(sidkey)) {
371 rc = -EINVAL; 378 rc = -EINVAL;
372 cFYI(1, "%s: Can't map and id to a SID", __func__); 379 cFYI(1, "%s: Can't map and id to a SID", __func__);
380 } else if (sidkey->datalen < sizeof(struct cifs_sid)) {
381 rc = -EIO;
382 cFYI(1, "%s: Downcall contained malformed key "
383 "(datalen=%hu)", __func__, sidkey->datalen);
373 } else { 384 } else {
374 lsid = (struct cifs_sid *)sidkey->payload.data; 385 lsid = (struct cifs_sid *)sidkey->payload.data;
375 memcpy(&psidid->sid, lsid, 386 cifs_copy_sid(&psidid->sid, lsid);
376 sidkey->datalen < sizeof(struct cifs_sid) ? 387 cifs_copy_sid(ssid, &psidid->sid);
377 sidkey->datalen : sizeof(struct cifs_sid));
378 memcpy(ssid, &psidid->sid,
379 sidkey->datalen < sizeof(struct cifs_sid) ?
380 sidkey->datalen : sizeof(struct cifs_sid));
381 set_bit(SID_ID_MAPPED, &psidid->state); 388 set_bit(SID_ID_MAPPED, &psidid->state);
382 key_put(sidkey); 389 key_put(sidkey);
383 kfree(psidid->sidstr); 390 kfree(psidid->sidstr);
@@ -396,7 +403,7 @@ id_to_sid(unsigned long cid, uint sidtype, struct cifs_sid *ssid)
396 return rc; 403 return rc;
397 } 404 }
398 if (test_bit(SID_ID_MAPPED, &psidid->state)) 405 if (test_bit(SID_ID_MAPPED, &psidid->state))
399 memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid)); 406 cifs_copy_sid(ssid, &psidid->sid);
400 else 407 else
401 rc = -EINVAL; 408 rc = -EINVAL;
402 } 409 }
@@ -675,8 +682,6 @@ int compare_sids(const struct cifs_sid *ctsid, const struct cifs_sid *cwsid)
675static void copy_sec_desc(const struct cifs_ntsd *pntsd, 682static void copy_sec_desc(const struct cifs_ntsd *pntsd,
676 struct cifs_ntsd *pnntsd, __u32 sidsoffset) 683 struct cifs_ntsd *pnntsd, __u32 sidsoffset)
677{ 684{
678 int i;
679
680 struct cifs_sid *owner_sid_ptr, *group_sid_ptr; 685 struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
681 struct cifs_sid *nowner_sid_ptr, *ngroup_sid_ptr; 686 struct cifs_sid *nowner_sid_ptr, *ngroup_sid_ptr;
682 687
@@ -692,26 +697,14 @@ static void copy_sec_desc(const struct cifs_ntsd *pntsd,
692 owner_sid_ptr = (struct cifs_sid *)((char *)pntsd + 697 owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
693 le32_to_cpu(pntsd->osidoffset)); 698 le32_to_cpu(pntsd->osidoffset));
694 nowner_sid_ptr = (struct cifs_sid *)((char *)pnntsd + sidsoffset); 699 nowner_sid_ptr = (struct cifs_sid *)((char *)pnntsd + sidsoffset);
695 700 cifs_copy_sid(nowner_sid_ptr, owner_sid_ptr);
696 nowner_sid_ptr->revision = owner_sid_ptr->revision;
697 nowner_sid_ptr->num_subauth = owner_sid_ptr->num_subauth;
698 for (i = 0; i < 6; i++)
699 nowner_sid_ptr->authority[i] = owner_sid_ptr->authority[i];
700 for (i = 0; i < 5; i++)
701 nowner_sid_ptr->sub_auth[i] = owner_sid_ptr->sub_auth[i];
702 701
703 /* copy group sid */ 702 /* copy group sid */
704 group_sid_ptr = (struct cifs_sid *)((char *)pntsd + 703 group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
705 le32_to_cpu(pntsd->gsidoffset)); 704 le32_to_cpu(pntsd->gsidoffset));
706 ngroup_sid_ptr = (struct cifs_sid *)((char *)pnntsd + sidsoffset + 705 ngroup_sid_ptr = (struct cifs_sid *)((char *)pnntsd + sidsoffset +
707 sizeof(struct cifs_sid)); 706 sizeof(struct cifs_sid));
708 707 cifs_copy_sid(ngroup_sid_ptr, group_sid_ptr);
709 ngroup_sid_ptr->revision = group_sid_ptr->revision;
710 ngroup_sid_ptr->num_subauth = group_sid_ptr->num_subauth;
711 for (i = 0; i < 6; i++)
712 ngroup_sid_ptr->authority[i] = group_sid_ptr->authority[i];
713 for (i = 0; i < 5; i++)
714 ngroup_sid_ptr->sub_auth[i] = group_sid_ptr->sub_auth[i];
715 708
716 return; 709 return;
717} 710}
@@ -1120,8 +1113,7 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
1120 kfree(nowner_sid_ptr); 1113 kfree(nowner_sid_ptr);
1121 return rc; 1114 return rc;
1122 } 1115 }
1123 memcpy(owner_sid_ptr, nowner_sid_ptr, 1116 cifs_copy_sid(owner_sid_ptr, nowner_sid_ptr);
1124 sizeof(struct cifs_sid));
1125 kfree(nowner_sid_ptr); 1117 kfree(nowner_sid_ptr);
1126 *aclflag = CIFS_ACL_OWNER; 1118 *aclflag = CIFS_ACL_OWNER;
1127 } 1119 }
@@ -1139,8 +1131,7 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
1139 kfree(ngroup_sid_ptr); 1131 kfree(ngroup_sid_ptr);
1140 return rc; 1132 return rc;
1141 } 1133 }
1142 memcpy(group_sid_ptr, ngroup_sid_ptr, 1134 cifs_copy_sid(group_sid_ptr, ngroup_sid_ptr);
1143 sizeof(struct cifs_sid));
1144 kfree(ngroup_sid_ptr); 1135 kfree(ngroup_sid_ptr);
1145 *aclflag = CIFS_ACL_GROUP; 1136 *aclflag = CIFS_ACL_GROUP;
1146 } 1137 }
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index 7c0a81283645..d3671f2acb29 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -398,7 +398,16 @@ cifs_atomic_open(struct inode *inode, struct dentry *direntry,
398 * in network traffic in the other paths. 398 * in network traffic in the other paths.
399 */ 399 */
400 if (!(oflags & O_CREAT)) { 400 if (!(oflags & O_CREAT)) {
401 struct dentry *res = cifs_lookup(inode, direntry, 0); 401 struct dentry *res;
402
403 /*
404 * Check for hashed negative dentry. We have already revalidated
405 * the dentry and it is fine. No need to perform another lookup.
406 */
407 if (!d_unhashed(direntry))
408 return -ENOENT;
409
410 res = cifs_lookup(inode, direntry, 0);
402 if (IS_ERR(res)) 411 if (IS_ERR(res))
403 return PTR_ERR(res); 412 return PTR_ERR(res);
404 413