cifs: sanitize username handling
Currently, it's not very clear whether you're allowed to have a NULL vol->username or ses->user_name. Some places check for it and some don't. Make it clear that a NULL pointer is OK in these fields, and ensure that all the callers check for that. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
This commit is contained in:
parent
9f6ed2ca25
commit
04febabcf5
3 changed files with 27 additions and 13 deletions
|
@ -113,9 +113,11 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
|
||||||
MAX_MECH_STR_LEN +
|
MAX_MECH_STR_LEN +
|
||||||
UID_KEY_LEN + (sizeof(uid_t) * 2) +
|
UID_KEY_LEN + (sizeof(uid_t) * 2) +
|
||||||
CREDUID_KEY_LEN + (sizeof(uid_t) * 2) +
|
CREDUID_KEY_LEN + (sizeof(uid_t) * 2) +
|
||||||
USER_KEY_LEN + strlen(sesInfo->user_name) +
|
|
||||||
PID_KEY_LEN + (sizeof(pid_t) * 2) + 1;
|
PID_KEY_LEN + (sizeof(pid_t) * 2) + 1;
|
||||||
|
|
||||||
|
if (sesInfo->user_name)
|
||||||
|
desc_len += USER_KEY_LEN + strlen(sesInfo->user_name);
|
||||||
|
|
||||||
spnego_key = ERR_PTR(-ENOMEM);
|
spnego_key = ERR_PTR(-ENOMEM);
|
||||||
description = kzalloc(desc_len, GFP_KERNEL);
|
description = kzalloc(desc_len, GFP_KERNEL);
|
||||||
if (description == NULL)
|
if (description == NULL)
|
||||||
|
@ -152,8 +154,10 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
|
||||||
dp = description + strlen(description);
|
dp = description + strlen(description);
|
||||||
sprintf(dp, ";creduid=0x%x", sesInfo->cred_uid);
|
sprintf(dp, ";creduid=0x%x", sesInfo->cred_uid);
|
||||||
|
|
||||||
dp = description + strlen(description);
|
if (sesInfo->user_name) {
|
||||||
sprintf(dp, ";user=%s", sesInfo->user_name);
|
dp = description + strlen(description);
|
||||||
|
sprintf(dp, ";user=%s", sesInfo->user_name);
|
||||||
|
}
|
||||||
|
|
||||||
dp = description + strlen(description);
|
dp = description + strlen(description);
|
||||||
sprintf(dp, ";pid=0x%x", current->pid);
|
sprintf(dp, ";pid=0x%x", current->pid);
|
||||||
|
|
|
@ -420,15 +420,20 @@ static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* convert ses->user_name to unicode and uppercase */
|
/* convert ses->user_name to unicode and uppercase */
|
||||||
len = strlen(ses->user_name);
|
len = ses->user_name ? strlen(ses->user_name) : 0;
|
||||||
user = kmalloc(2 + (len * 2), GFP_KERNEL);
|
user = kmalloc(2 + (len * 2), GFP_KERNEL);
|
||||||
if (user == NULL) {
|
if (user == NULL) {
|
||||||
cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n");
|
cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n");
|
||||||
rc = -ENOMEM;
|
rc = -ENOMEM;
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
len = cifs_strtoUCS((__le16 *)user, ses->user_name, len, nls_cp);
|
|
||||||
UniStrupr(user);
|
if (len) {
|
||||||
|
len = cifs_strtoUCS((__le16 *)user, ses->user_name, len, nls_cp);
|
||||||
|
UniStrupr(user);
|
||||||
|
} else {
|
||||||
|
memset(user, '\0', 2);
|
||||||
|
}
|
||||||
|
|
||||||
rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
|
rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
|
||||||
(char *)user, 2 * len);
|
(char *)user, 2 * len);
|
||||||
|
|
|
@ -1997,10 +1997,16 @@ static int match_session(struct cifs_ses *ses, struct smb_vol *vol)
|
||||||
return 0;
|
return 0;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
/* NULL username means anonymous session */
|
||||||
|
if (ses->user_name == NULL) {
|
||||||
|
if (!vol->nullauth)
|
||||||
|
return 0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
/* anything else takes username/password */
|
/* anything else takes username/password */
|
||||||
if (ses->user_name == NULL)
|
if (strncmp(ses->user_name,
|
||||||
return 0;
|
vol->username ? vol->username : "",
|
||||||
if (strncmp(ses->user_name, vol->username,
|
|
||||||
MAX_USERNAME_SIZE))
|
MAX_USERNAME_SIZE))
|
||||||
return 0;
|
return 0;
|
||||||
if (strlen(vol->username) != 0 &&
|
if (strlen(vol->username) != 0 &&
|
||||||
|
@ -3167,10 +3173,9 @@ cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (volume_info->nullauth) {
|
if (volume_info->nullauth) {
|
||||||
cFYI(1, "null user");
|
cFYI(1, "Anonymous login");
|
||||||
volume_info->username = kzalloc(1, GFP_KERNEL);
|
kfree(volume_info->username);
|
||||||
if (volume_info->username == NULL)
|
volume_info->username = NULL;
|
||||||
return -ENOMEM;
|
|
||||||
} else if (volume_info->username) {
|
} else if (volume_info->username) {
|
||||||
/* BB fixme parse for domain name here */
|
/* BB fixme parse for domain name here */
|
||||||
cFYI(1, "Username: %s", volume_info->username);
|
cFYI(1, "Username: %s", volume_info->username);
|
||||||
|
|
Loading…
Reference in a new issue