Merge git://git.samba.org/sfrench/cifs-2.6
* git://git.samba.org/sfrench/cifs-2.6: cifs: Fix broken sec=ntlmv2/i sec option (try #2) Fix the conflict between rwpidforward and rw mount options CIFS: Fix ERR_PTR dereference in cifs_get_root cifs: fix possible memory corruption in CIFSFindNext
This commit is contained in:
commit
2838888f3f
4 changed files with 21 additions and 50 deletions
|
@ -351,9 +351,7 @@ static int
|
|||
build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
|
||||
{
|
||||
unsigned int dlen;
|
||||
unsigned int wlen;
|
||||
unsigned int size = 6 * sizeof(struct ntlmssp2_name);
|
||||
__le64 curtime;
|
||||
unsigned int size = 2 * sizeof(struct ntlmssp2_name);
|
||||
char *defdmname = "WORKGROUP";
|
||||
unsigned char *blobptr;
|
||||
struct ntlmssp2_name *attrptr;
|
||||
|
@ -365,15 +363,14 @@ build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
|
|||
}
|
||||
|
||||
dlen = strlen(ses->domainName);
|
||||
wlen = strlen(ses->server->hostname);
|
||||
|
||||
/* The length of this blob is a size which is
|
||||
* six times the size of a structure which holds name/size +
|
||||
* two times the unicode length of a domain name +
|
||||
* two times the unicode length of a server name +
|
||||
* size of a timestamp (which is 8 bytes).
|
||||
/*
|
||||
* The length of this blob is two times the size of a
|
||||
* structure (av pair) which holds name/size
|
||||
* ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
|
||||
* unicode length of a netbios domain name
|
||||
*/
|
||||
ses->auth_key.len = size + 2 * (2 * dlen) + 2 * (2 * wlen) + 8;
|
||||
ses->auth_key.len = size + 2 * dlen;
|
||||
ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
|
||||
if (!ses->auth_key.response) {
|
||||
ses->auth_key.len = 0;
|
||||
|
@ -384,44 +381,15 @@ build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
|
|||
blobptr = ses->auth_key.response;
|
||||
attrptr = (struct ntlmssp2_name *) blobptr;
|
||||
|
||||
/*
|
||||
* As defined in MS-NTLM 3.3.2, just this av pair field
|
||||
* is sufficient as part of the temp
|
||||
*/
|
||||
attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME);
|
||||
attrptr->length = cpu_to_le16(2 * dlen);
|
||||
blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
|
||||
cifs_strtoUCS((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
|
||||
|
||||
blobptr += 2 * dlen;
|
||||
attrptr = (struct ntlmssp2_name *) blobptr;
|
||||
|
||||
attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_COMPUTER_NAME);
|
||||
attrptr->length = cpu_to_le16(2 * wlen);
|
||||
blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
|
||||
cifs_strtoUCS((__le16 *)blobptr, ses->server->hostname, wlen, nls_cp);
|
||||
|
||||
blobptr += 2 * wlen;
|
||||
attrptr = (struct ntlmssp2_name *) blobptr;
|
||||
|
||||
attrptr->type = cpu_to_le16(NTLMSSP_AV_DNS_DOMAIN_NAME);
|
||||
attrptr->length = cpu_to_le16(2 * dlen);
|
||||
blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
|
||||
cifs_strtoUCS((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
|
||||
|
||||
blobptr += 2 * dlen;
|
||||
attrptr = (struct ntlmssp2_name *) blobptr;
|
||||
|
||||
attrptr->type = cpu_to_le16(NTLMSSP_AV_DNS_COMPUTER_NAME);
|
||||
attrptr->length = cpu_to_le16(2 * wlen);
|
||||
blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
|
||||
cifs_strtoUCS((__le16 *)blobptr, ses->server->hostname, wlen, nls_cp);
|
||||
|
||||
blobptr += 2 * wlen;
|
||||
attrptr = (struct ntlmssp2_name *) blobptr;
|
||||
|
||||
attrptr->type = cpu_to_le16(NTLMSSP_AV_TIMESTAMP);
|
||||
attrptr->length = cpu_to_le16(sizeof(__le64));
|
||||
blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
|
||||
curtime = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
|
||||
memcpy(blobptr, &curtime, sizeof(__le64));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -548,6 +548,12 @@ cifs_get_root(struct smb_vol *vol, struct super_block *sb)
|
|||
struct inode *dir = dentry->d_inode;
|
||||
struct dentry *child;
|
||||
|
||||
if (!dir) {
|
||||
dput(dentry);
|
||||
dentry = ERR_PTR(-ENOENT);
|
||||
break;
|
||||
}
|
||||
|
||||
/* skip separators */
|
||||
while (*s == sep)
|
||||
s++;
|
||||
|
@ -563,10 +569,6 @@ cifs_get_root(struct smb_vol *vol, struct super_block *sb)
|
|||
mutex_unlock(&dir->i_mutex);
|
||||
dput(dentry);
|
||||
dentry = child;
|
||||
if (!dentry->d_inode) {
|
||||
dput(dentry);
|
||||
dentry = ERR_PTR(-ENOENT);
|
||||
}
|
||||
} while (!IS_ERR(dentry));
|
||||
_FreeXid(xid);
|
||||
kfree(full_path);
|
||||
|
|
|
@ -4079,7 +4079,8 @@ int CIFSFindNext(const int xid, struct cifs_tcon *tcon,
|
|||
T2_FNEXT_RSP_PARMS *parms;
|
||||
char *response_data;
|
||||
int rc = 0;
|
||||
int bytes_returned, name_len;
|
||||
int bytes_returned;
|
||||
unsigned int name_len;
|
||||
__u16 params, byte_count;
|
||||
|
||||
cFYI(1, "In FindNext");
|
||||
|
|
|
@ -1298,7 +1298,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
|
|||
/* ignore */
|
||||
} else if (strnicmp(data, "guest", 5) == 0) {
|
||||
/* ignore */
|
||||
} else if (strnicmp(data, "rw", 2) == 0) {
|
||||
} else if (strnicmp(data, "rw", 2) == 0 && strlen(data) == 2) {
|
||||
/* ignore */
|
||||
} else if (strnicmp(data, "ro", 2) == 0) {
|
||||
/* ignore */
|
||||
|
@ -1401,7 +1401,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
|
|||
vol->server_ino = 1;
|
||||
} else if (strnicmp(data, "noserverino", 9) == 0) {
|
||||
vol->server_ino = 0;
|
||||
} else if (strnicmp(data, "rwpidforward", 4) == 0) {
|
||||
} else if (strnicmp(data, "rwpidforward", 12) == 0) {
|
||||
vol->rwpidforward = 1;
|
||||
} else if (strnicmp(data, "cifsacl", 7) == 0) {
|
||||
vol->cifs_acl = 1;
|
||||
|
|
Loading…
Reference in a new issue