diff options
author | Jeff Layton <jlayton@redhat.com> | 2009-01-22 14:43:21 -0500 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2009-01-28 22:32:13 -0500 |
commit | a9ac49d303f967be0dabd97cb722c4a13109c6c2 (patch) | |
tree | cf170dfaff4b5559eb814806e5cfb573f3e4be93 /fs | |
parent | da505c386c9f993e43861791dae339b2219cf8dd (diff) |
cifs: make sure we allocate enough storage for socket address
The sockaddr declared on the stack in cifs_get_tcp_session is too small
for IPv6 addresses. Change it from "struct sockaddr" to "struct
sockaddr_storage" to prevent stack corruption when IPv6 is used.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/connect.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index a3537a90a9d9..2209be943051 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -1354,7 +1354,7 @@ cifs_parse_mount_options(char *options, const char *devname, | |||
1354 | } | 1354 | } |
1355 | 1355 | ||
1356 | static struct TCP_Server_Info * | 1356 | static struct TCP_Server_Info * |
1357 | cifs_find_tcp_session(struct sockaddr *addr) | 1357 | cifs_find_tcp_session(struct sockaddr_storage *addr) |
1358 | { | 1358 | { |
1359 | struct list_head *tmp; | 1359 | struct list_head *tmp; |
1360 | struct TCP_Server_Info *server; | 1360 | struct TCP_Server_Info *server; |
@@ -1374,11 +1374,11 @@ cifs_find_tcp_session(struct sockaddr *addr) | |||
1374 | if (server->tcpStatus == CifsNew) | 1374 | if (server->tcpStatus == CifsNew) |
1375 | continue; | 1375 | continue; |
1376 | 1376 | ||
1377 | if (addr->sa_family == AF_INET && | 1377 | if (addr->ss_family == AF_INET && |
1378 | (addr4->sin_addr.s_addr != | 1378 | (addr4->sin_addr.s_addr != |
1379 | server->addr.sockAddr.sin_addr.s_addr)) | 1379 | server->addr.sockAddr.sin_addr.s_addr)) |
1380 | continue; | 1380 | continue; |
1381 | else if (addr->sa_family == AF_INET6 && | 1381 | else if (addr->ss_family == AF_INET6 && |
1382 | memcmp(&server->addr.sockAddr6.sin6_addr, | 1382 | memcmp(&server->addr.sockAddr6.sin6_addr, |
1383 | &addr6->sin6_addr, sizeof(addr6->sin6_addr))) | 1383 | &addr6->sin6_addr, sizeof(addr6->sin6_addr))) |
1384 | continue; | 1384 | continue; |
@@ -1419,12 +1419,12 @@ static struct TCP_Server_Info * | |||
1419 | cifs_get_tcp_session(struct smb_vol *volume_info) | 1419 | cifs_get_tcp_session(struct smb_vol *volume_info) |
1420 | { | 1420 | { |
1421 | struct TCP_Server_Info *tcp_ses = NULL; | 1421 | struct TCP_Server_Info *tcp_ses = NULL; |
1422 | struct sockaddr addr; | 1422 | struct sockaddr_storage addr; |
1423 | struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr; | 1423 | struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr; |
1424 | struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr; | 1424 | struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr; |
1425 | int rc; | 1425 | int rc; |
1426 | 1426 | ||
1427 | memset(&addr, 0, sizeof(struct sockaddr)); | 1427 | memset(&addr, 0, sizeof(struct sockaddr_storage)); |
1428 | 1428 | ||
1429 | if (volume_info->UNCip && volume_info->UNC) { | 1429 | if (volume_info->UNCip && volume_info->UNC) { |
1430 | rc = cifs_inet_pton(AF_INET, volume_info->UNCip, | 1430 | rc = cifs_inet_pton(AF_INET, volume_info->UNCip, |
@@ -1435,9 +1435,9 @@ cifs_get_tcp_session(struct smb_vol *volume_info) | |||
1435 | rc = cifs_inet_pton(AF_INET6, volume_info->UNCip, | 1435 | rc = cifs_inet_pton(AF_INET6, volume_info->UNCip, |
1436 | &sin_server6->sin6_addr.in6_u); | 1436 | &sin_server6->sin6_addr.in6_u); |
1437 | if (rc > 0) | 1437 | if (rc > 0) |
1438 | addr.sa_family = AF_INET6; | 1438 | addr.ss_family = AF_INET6; |
1439 | } else { | 1439 | } else { |
1440 | addr.sa_family = AF_INET; | 1440 | addr.ss_family = AF_INET; |
1441 | } | 1441 | } |
1442 | 1442 | ||
1443 | if (rc <= 0) { | 1443 | if (rc <= 0) { |
@@ -1502,7 +1502,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info) | |||
1502 | tcp_ses->tcpStatus = CifsNew; | 1502 | tcp_ses->tcpStatus = CifsNew; |
1503 | ++tcp_ses->srv_count; | 1503 | ++tcp_ses->srv_count; |
1504 | 1504 | ||
1505 | if (addr.sa_family == AF_INET6) { | 1505 | if (addr.ss_family == AF_INET6) { |
1506 | cFYI(1, ("attempting ipv6 connect")); | 1506 | cFYI(1, ("attempting ipv6 connect")); |
1507 | /* BB should we allow ipv6 on port 139? */ | 1507 | /* BB should we allow ipv6 on port 139? */ |
1508 | /* other OS never observed in Wild doing 139 with v6 */ | 1508 | /* other OS never observed in Wild doing 139 with v6 */ |