diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-02-07 17:07:20 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-02-07 17:07:20 -0500 |
| commit | 84f8bf38b9368add916e7c335b6b94a7ae927cb1 (patch) | |
| tree | e6360985eb4866d22104c63045fc2cf789e449de /fs | |
| parent | e25c173379d1053f0851fa924cd608fc0b16252f (diff) | |
| parent | de47a4176c532ef5961b8a46a2d541a3517412d3 (diff) | |
Merge git://git.samba.org/sfrench/cifs-2.6
* git://git.samba.org/sfrench/cifs-2.6:
cifs: Fix oops in session setup code for null user mounts
[CIFS] Update cifs Kconfig title to match removal of experimental dependency
cifs: fix printk format warnings
cifs: check offset in decode_ntlmssp_challenge()
cifs: NULL dereference on allocation failure
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/cifs/Kconfig | 4 | ||||
| -rw-r--r-- | fs/cifs/connect.c | 14 | ||||
| -rw-r--r-- | fs/cifs/sess.c | 11 |
3 files changed, 15 insertions, 14 deletions
diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig index 0554b00a7b33..2b243af70aa3 100644 --- a/fs/cifs/Kconfig +++ b/fs/cifs/Kconfig | |||
| @@ -139,7 +139,7 @@ config CIFS_DFS_UPCALL | |||
| 139 | points. If unsure, say N. | 139 | points. If unsure, say N. |
| 140 | 140 | ||
| 141 | config CIFS_FSCACHE | 141 | config CIFS_FSCACHE |
| 142 | bool "Provide CIFS client caching support (EXPERIMENTAL)" | 142 | bool "Provide CIFS client caching support" |
| 143 | depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y | 143 | depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y |
| 144 | help | 144 | help |
| 145 | Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data | 145 | Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data |
| @@ -147,7 +147,7 @@ config CIFS_FSCACHE | |||
| 147 | manager. If unsure, say N. | 147 | manager. If unsure, say N. |
| 148 | 148 | ||
| 149 | config CIFS_ACL | 149 | config CIFS_ACL |
| 150 | bool "Provide CIFS ACL support (EXPERIMENTAL)" | 150 | bool "Provide CIFS ACL support" |
| 151 | depends on CIFS_XATTR && KEYS | 151 | depends on CIFS_XATTR && KEYS |
| 152 | help | 152 | help |
| 153 | Allows to fetch CIFS/NTFS ACL from the server. The DACL blob | 153 | Allows to fetch CIFS/NTFS ACL from the server. The DACL blob |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 986709a8d903..9c288653e6d6 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
| @@ -2142,14 +2142,14 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) | |||
| 2142 | 2142 | ||
| 2143 | len = delim - payload; | 2143 | len = delim - payload; |
| 2144 | if (len > MAX_USERNAME_SIZE || len <= 0) { | 2144 | if (len > MAX_USERNAME_SIZE || len <= 0) { |
| 2145 | cFYI(1, "Bad value from username search (len=%ld)", len); | 2145 | cFYI(1, "Bad value from username search (len=%zd)", len); |
| 2146 | rc = -EINVAL; | 2146 | rc = -EINVAL; |
| 2147 | goto out_key_put; | 2147 | goto out_key_put; |
| 2148 | } | 2148 | } |
| 2149 | 2149 | ||
| 2150 | vol->username = kstrndup(payload, len, GFP_KERNEL); | 2150 | vol->username = kstrndup(payload, len, GFP_KERNEL); |
| 2151 | if (!vol->username) { | 2151 | if (!vol->username) { |
| 2152 | cFYI(1, "Unable to allocate %ld bytes for username", len); | 2152 | cFYI(1, "Unable to allocate %zd bytes for username", len); |
| 2153 | rc = -ENOMEM; | 2153 | rc = -ENOMEM; |
| 2154 | goto out_key_put; | 2154 | goto out_key_put; |
| 2155 | } | 2155 | } |
| @@ -2157,7 +2157,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) | |||
| 2157 | 2157 | ||
| 2158 | len = key->datalen - (len + 1); | 2158 | len = key->datalen - (len + 1); |
| 2159 | if (len > MAX_PASSWORD_SIZE || len <= 0) { | 2159 | if (len > MAX_PASSWORD_SIZE || len <= 0) { |
| 2160 | cFYI(1, "Bad len for password search (len=%ld)", len); | 2160 | cFYI(1, "Bad len for password search (len=%zd)", len); |
| 2161 | rc = -EINVAL; | 2161 | rc = -EINVAL; |
| 2162 | kfree(vol->username); | 2162 | kfree(vol->username); |
| 2163 | vol->username = NULL; | 2163 | vol->username = NULL; |
| @@ -2167,7 +2167,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) | |||
| 2167 | ++delim; | 2167 | ++delim; |
| 2168 | vol->password = kstrndup(delim, len, GFP_KERNEL); | 2168 | vol->password = kstrndup(delim, len, GFP_KERNEL); |
| 2169 | if (!vol->password) { | 2169 | if (!vol->password) { |
| 2170 | cFYI(1, "Unable to allocate %ld bytes for password", len); | 2170 | cFYI(1, "Unable to allocate %zd bytes for password", len); |
| 2171 | rc = -ENOMEM; | 2171 | rc = -ENOMEM; |
| 2172 | kfree(vol->username); | 2172 | kfree(vol->username); |
| 2173 | vol->username = NULL; | 2173 | vol->username = NULL; |
| @@ -3857,10 +3857,8 @@ cifs_construct_tcon(struct cifs_sb_info *cifs_sb, uid_t fsuid) | |||
| 3857 | struct smb_vol *vol_info; | 3857 | struct smb_vol *vol_info; |
| 3858 | 3858 | ||
| 3859 | vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL); | 3859 | vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL); |
| 3860 | if (vol_info == NULL) { | 3860 | if (vol_info == NULL) |
| 3861 | tcon = ERR_PTR(-ENOMEM); | 3861 | return ERR_PTR(-ENOMEM); |
| 3862 | goto out; | ||
| 3863 | } | ||
| 3864 | 3862 | ||
| 3865 | vol_info->local_nls = cifs_sb->local_nls; | 3863 | vol_info->local_nls = cifs_sb->local_nls; |
| 3866 | vol_info->linux_uid = fsuid; | 3864 | vol_info->linux_uid = fsuid; |
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index d85efad5765f..551d0c2b9736 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
| @@ -246,16 +246,15 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses, | |||
| 246 | /* copy user */ | 246 | /* copy user */ |
| 247 | /* BB what about null user mounts - check that we do this BB */ | 247 | /* BB what about null user mounts - check that we do this BB */ |
| 248 | /* copy user */ | 248 | /* copy user */ |
| 249 | if (ses->user_name != NULL) | 249 | if (ses->user_name != NULL) { |
| 250 | strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE); | 250 | strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE); |
| 251 | bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE); | ||
| 252 | } | ||
| 251 | /* else null user mount */ | 253 | /* else null user mount */ |
| 252 | |||
| 253 | bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE); | ||
| 254 | *bcc_ptr = 0; | 254 | *bcc_ptr = 0; |
| 255 | bcc_ptr++; /* account for null termination */ | 255 | bcc_ptr++; /* account for null termination */ |
| 256 | 256 | ||
| 257 | /* copy domain */ | 257 | /* copy domain */ |
| 258 | |||
| 259 | if (ses->domainName != NULL) { | 258 | if (ses->domainName != NULL) { |
| 260 | strncpy(bcc_ptr, ses->domainName, 256); | 259 | strncpy(bcc_ptr, ses->domainName, 256); |
| 261 | bcc_ptr += strnlen(ses->domainName, 256); | 260 | bcc_ptr += strnlen(ses->domainName, 256); |
| @@ -395,6 +394,10 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, | |||
| 395 | ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags); | 394 | ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags); |
| 396 | tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset); | 395 | tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset); |
| 397 | tilen = le16_to_cpu(pblob->TargetInfoArray.Length); | 396 | tilen = le16_to_cpu(pblob->TargetInfoArray.Length); |
| 397 | if (tioffset > blob_len || tioffset + tilen > blob_len) { | ||
| 398 | cERROR(1, "tioffset + tilen too high %u + %u", tioffset, tilen); | ||
| 399 | return -EINVAL; | ||
| 400 | } | ||
| 398 | if (tilen) { | 401 | if (tilen) { |
| 399 | ses->auth_key.response = kmalloc(tilen, GFP_KERNEL); | 402 | ses->auth_key.response = kmalloc(tilen, GFP_KERNEL); |
| 400 | if (!ses->auth_key.response) { | 403 | if (!ses->auth_key.response) { |