diff options
author | Jeff Layton <jlayton@redhat.com> | 2009-05-19 09:57:03 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2009-05-19 11:31:20 -0400 |
commit | 8b6427a2a8f7dd43e9208fb33a3b116d66db4979 (patch) | |
tree | 51b3bcb46a36f3bbc9bfb5ea61cdf600b2233897 /fs | |
parent | b41a080fa9f157d223c782ec3571cf46e34e91d6 (diff) |
cifs: fix pointer initialization and checks in cifs_follow_symlink (try #4)
This is the third respin of the patch posted yesterday to fix the error
handling in cifs_follow_symlink. It also includes a fix for a bogus NULL
pointer check in CIFSSMBQueryUnixSymLink that Jeff Moyer spotted.
It's possible for CIFSSMBQueryUnixSymLink to return without setting
target_path to a valid pointer. If that happens then the current value
to which we're initializing this pointer could cause an oops when it's
kfree'd.
This patch is a little more comprehensive than the last patches. It
reorganizes cifs_follow_link a bit for (hopefully) better readability.
It should also eliminate the uneeded allocation of full_path on servers
without unix extensions (assuming they can get to this point anyway, of
which I'm not convinced).
On a side note, I'm not sure I agree with the logic of enabling this
query even when unix extensions are disabled on the client. It seems
like that should disable this as well. But, changing that is outside the
scope of this fix, so I've left it alone for now.
Reported-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Reviewed-by: Christoph Hellwig <hch@inraded.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/cifssmb.c | 2 | ||||
-rw-r--r-- | fs/cifs/link.c | 52 |
2 files changed, 27 insertions, 27 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 5759ba53dc96..d06260251c30 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
@@ -2475,7 +2475,7 @@ querySymLinkRetry: | |||
2475 | /* BB FIXME investigate remapping reserved chars here */ | 2475 | /* BB FIXME investigate remapping reserved chars here */ |
2476 | *symlinkinfo = cifs_strndup_from_ucs(data_start, count, | 2476 | *symlinkinfo = cifs_strndup_from_ucs(data_start, count, |
2477 | is_unicode, nls_codepage); | 2477 | is_unicode, nls_codepage); |
2478 | if (!symlinkinfo) | 2478 | if (!*symlinkinfo) |
2479 | rc = -ENOMEM; | 2479 | rc = -ENOMEM; |
2480 | } | 2480 | } |
2481 | } | 2481 | } |
diff --git a/fs/cifs/link.c b/fs/cifs/link.c index ea9d11e3dcbb..cd83c53fcbb5 100644 --- a/fs/cifs/link.c +++ b/fs/cifs/link.c | |||
@@ -107,48 +107,48 @@ void * | |||
107 | cifs_follow_link(struct dentry *direntry, struct nameidata *nd) | 107 | cifs_follow_link(struct dentry *direntry, struct nameidata *nd) |
108 | { | 108 | { |
109 | struct inode *inode = direntry->d_inode; | 109 | struct inode *inode = direntry->d_inode; |
110 | int rc = -EACCES; | 110 | int rc = -ENOMEM; |
111 | int xid; | 111 | int xid; |
112 | char *full_path = NULL; | 112 | char *full_path = NULL; |
113 | char *target_path = ERR_PTR(-ENOMEM); | 113 | char *target_path = NULL; |
114 | struct cifs_sb_info *cifs_sb; | 114 | struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); |
115 | struct cifsTconInfo *pTcon; | 115 | struct cifsTconInfo *tcon = cifs_sb->tcon; |
116 | 116 | ||
117 | xid = GetXid(); | 117 | xid = GetXid(); |
118 | 118 | ||
119 | full_path = build_path_from_dentry(direntry); | 119 | /* |
120 | * For now, we just handle symlinks with unix extensions enabled. | ||
121 | * Eventually we should handle NTFS reparse points, and MacOS | ||
122 | * symlink support. For instance... | ||
123 | * | ||
124 | * rc = CIFSSMBQueryReparseLinkInfo(...) | ||
125 | * | ||
126 | * For now, just return -EACCES when the server doesn't support posix | ||
127 | * extensions. Note that we still allow querying symlinks when posix | ||
128 | * extensions are manually disabled. We could disable these as well | ||
129 | * but there doesn't seem to be any harm in allowing the client to | ||
130 | * read them. | ||
131 | */ | ||
132 | if (!(tcon->ses->capabilities & CAP_UNIX)) { | ||
133 | rc = -EACCES; | ||
134 | goto out; | ||
135 | } | ||
120 | 136 | ||
137 | full_path = build_path_from_dentry(direntry); | ||
121 | if (!full_path) | 138 | if (!full_path) |
122 | goto out; | 139 | goto out; |
123 | 140 | ||
124 | cFYI(1, ("Full path: %s inode = 0x%p", full_path, inode)); | 141 | cFYI(1, ("Full path: %s inode = 0x%p", full_path, inode)); |
125 | cifs_sb = CIFS_SB(inode->i_sb); | ||
126 | pTcon = cifs_sb->tcon; | ||
127 | |||
128 | /* We could change this to: | ||
129 | if (pTcon->unix_ext) | ||
130 | but there does not seem any point in refusing to | ||
131 | get symlink info if we can, even if unix extensions | ||
132 | turned off for this mount */ | ||
133 | |||
134 | if (pTcon->ses->capabilities & CAP_UNIX) | ||
135 | rc = CIFSSMBUnixQuerySymLink(xid, pTcon, full_path, | ||
136 | &target_path, | ||
137 | cifs_sb->local_nls); | ||
138 | else { | ||
139 | /* BB add read reparse point symlink code here */ | ||
140 | /* rc = CIFSSMBQueryReparseLinkInfo */ | ||
141 | /* BB Add code to Query ReparsePoint info */ | ||
142 | /* BB Add MAC style xsymlink check here if enabled */ | ||
143 | } | ||
144 | 142 | ||
143 | rc = CIFSSMBUnixQuerySymLink(xid, tcon, full_path, &target_path, | ||
144 | cifs_sb->local_nls); | ||
145 | kfree(full_path); | ||
146 | out: | ||
145 | if (rc != 0) { | 147 | if (rc != 0) { |
146 | kfree(target_path); | 148 | kfree(target_path); |
147 | target_path = ERR_PTR(rc); | 149 | target_path = ERR_PTR(rc); |
148 | } | 150 | } |
149 | 151 | ||
150 | kfree(full_path); | ||
151 | out: | ||
152 | FreeXid(xid); | 152 | FreeXid(xid); |
153 | nd_set_link(nd, target_path); | 153 | nd_set_link(nd, target_path); |
154 | return NULL; | 154 | return NULL; |