Merge git://git.samba.org/sfrench/cifs-2.6
* git://git.samba.org/sfrench/cifs-2.6: cifs: Fix oops in session setup code for null user mounts [CIFS] Update cifs Kconfig title to match removal of experimental dependency cifs: fix printk format warnings cifs: check offset in decode_ntlmssp_challenge() cifs: NULL dereference on allocation failure
This commit is contained in:
commit
84f8bf38b9
3 changed files with 15 additions and 14 deletions
|
@ -139,7 +139,7 @@ config CIFS_DFS_UPCALL
|
|||
points. If unsure, say N.
|
||||
|
||||
config CIFS_FSCACHE
|
||||
bool "Provide CIFS client caching support (EXPERIMENTAL)"
|
||||
bool "Provide CIFS client caching support"
|
||||
depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
|
||||
help
|
||||
Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
|
||||
|
@ -147,7 +147,7 @@ config CIFS_FSCACHE
|
|||
manager. If unsure, say N.
|
||||
|
||||
config CIFS_ACL
|
||||
bool "Provide CIFS ACL support (EXPERIMENTAL)"
|
||||
bool "Provide CIFS ACL support"
|
||||
depends on CIFS_XATTR && KEYS
|
||||
help
|
||||
Allows to fetch CIFS/NTFS ACL from the server. The DACL blob
|
||||
|
|
|
@ -2142,14 +2142,14 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
|
|||
|
||||
len = delim - payload;
|
||||
if (len > MAX_USERNAME_SIZE || len <= 0) {
|
||||
cFYI(1, "Bad value from username search (len=%ld)", len);
|
||||
cFYI(1, "Bad value from username search (len=%zd)", len);
|
||||
rc = -EINVAL;
|
||||
goto out_key_put;
|
||||
}
|
||||
|
||||
vol->username = kstrndup(payload, len, GFP_KERNEL);
|
||||
if (!vol->username) {
|
||||
cFYI(1, "Unable to allocate %ld bytes for username", len);
|
||||
cFYI(1, "Unable to allocate %zd bytes for username", len);
|
||||
rc = -ENOMEM;
|
||||
goto out_key_put;
|
||||
}
|
||||
|
@ -2157,7 +2157,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
|
|||
|
||||
len = key->datalen - (len + 1);
|
||||
if (len > MAX_PASSWORD_SIZE || len <= 0) {
|
||||
cFYI(1, "Bad len for password search (len=%ld)", len);
|
||||
cFYI(1, "Bad len for password search (len=%zd)", len);
|
||||
rc = -EINVAL;
|
||||
kfree(vol->username);
|
||||
vol->username = NULL;
|
||||
|
@ -2167,7 +2167,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
|
|||
++delim;
|
||||
vol->password = kstrndup(delim, len, GFP_KERNEL);
|
||||
if (!vol->password) {
|
||||
cFYI(1, "Unable to allocate %ld bytes for password", len);
|
||||
cFYI(1, "Unable to allocate %zd bytes for password", len);
|
||||
rc = -ENOMEM;
|
||||
kfree(vol->username);
|
||||
vol->username = NULL;
|
||||
|
@ -3857,10 +3857,8 @@ cifs_construct_tcon(struct cifs_sb_info *cifs_sb, uid_t fsuid)
|
|||
struct smb_vol *vol_info;
|
||||
|
||||
vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL);
|
||||
if (vol_info == NULL) {
|
||||
tcon = ERR_PTR(-ENOMEM);
|
||||
goto out;
|
||||
}
|
||||
if (vol_info == NULL)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
|
||||
vol_info->local_nls = cifs_sb->local_nls;
|
||||
vol_info->linux_uid = fsuid;
|
||||
|
|
|
@ -246,16 +246,15 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
|
|||
/* copy user */
|
||||
/* BB what about null user mounts - check that we do this BB */
|
||||
/* copy user */
|
||||
if (ses->user_name != NULL)
|
||||
if (ses->user_name != NULL) {
|
||||
strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE);
|
||||
bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE);
|
||||
}
|
||||
/* else null user mount */
|
||||
|
||||
bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE);
|
||||
*bcc_ptr = 0;
|
||||
bcc_ptr++; /* account for null termination */
|
||||
|
||||
/* copy domain */
|
||||
|
||||
if (ses->domainName != NULL) {
|
||||
strncpy(bcc_ptr, ses->domainName, 256);
|
||||
bcc_ptr += strnlen(ses->domainName, 256);
|
||||
|
@ -395,6 +394,10 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
|
|||
ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags);
|
||||
tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
|
||||
tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
|
||||
if (tioffset > blob_len || tioffset + tilen > blob_len) {
|
||||
cERROR(1, "tioffset + tilen too high %u + %u", tioffset, tilen);
|
||||
return -EINVAL;
|
||||
}
|
||||
if (tilen) {
|
||||
ses->auth_key.response = kmalloc(tilen, GFP_KERNEL);
|
||||
if (!ses->auth_key.response) {
|
||||
|
|
Loading…
Reference in a new issue