mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-10 07:00:48 +00:00
[CIFS] Fix walking out end of cifs dacl
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
parent
f1d662a7d5
commit
63d2583f5a
@ -327,7 +327,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
|
||||
group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
|
||||
le32_to_cpu(pntsd->gsidoffset));
|
||||
dacloffset = le32_to_cpu(pntsd->dacloffset);
|
||||
dacl_ptr = (struct cifs_acl *)(char *)pntsd + dacloffset;
|
||||
dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);
|
||||
#ifdef CONFIG_CIFS_DEBUG2
|
||||
cFYI(1, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x "
|
||||
"sacloffset 0x%x dacloffset 0x%x",
|
||||
@ -346,7 +346,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
|
||||
|
||||
if (dacloffset)
|
||||
parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr,
|
||||
group_sid_ptr, inode);
|
||||
group_sid_ptr, inode);
|
||||
else
|
||||
cFYI(1, ("no ACL")); /* BB grant all or default perms? */
|
||||
|
||||
|
@ -35,6 +35,9 @@
|
||||
#define UBITSHIFT 6
|
||||
#define GBITSHIFT 3
|
||||
|
||||
#define ACCESS_ALLOWED 0
|
||||
#define ACCESS_DENIED 1
|
||||
|
||||
struct cifs_ntsd {
|
||||
__le16 revision; /* revision level */
|
||||
__le16 type;
|
||||
|
@ -108,7 +108,7 @@ static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
|
||||
/* The first entry includes a length field (which does not get
|
||||
signed that occupies the first 4 bytes before the header */
|
||||
if (i == 0) {
|
||||
if (iov[0].iov_len <= 8 ) /* cmd field at offset 9 */
|
||||
if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
|
||||
break; /* nothing to sign or corrupt header */
|
||||
MD5Update(&context, iov[0].iov_base+4,
|
||||
iov[0].iov_len-4);
|
||||
@ -123,7 +123,7 @@ static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
|
||||
|
||||
|
||||
int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
|
||||
__u32 * pexpected_response_sequence_number)
|
||||
__u32 *pexpected_response_sequence_number)
|
||||
{
|
||||
int rc = 0;
|
||||
char smb_signature[20];
|
||||
|
@ -770,7 +770,7 @@ cifs_print_status(__u32 status_code)
|
||||
|
||||
|
||||
static void
|
||||
ntstatus_to_dos(__u32 ntstatus, __u8 * eclass, __u16 * ecode)
|
||||
ntstatus_to_dos(__u32 ntstatus, __u8 *eclass, __u16 *ecode)
|
||||
{
|
||||
int i;
|
||||
if (ntstatus == 0) {
|
||||
|
@ -495,7 +495,7 @@ ffirst_retry:
|
||||
static int cifs_unicode_bytelen(char *str)
|
||||
{
|
||||
int len;
|
||||
__le16 * ustr = (__le16 *)str;
|
||||
__le16 *ustr = (__le16 *)str;
|
||||
|
||||
for (len = 0; len <= PATH_MAX; len++) {
|
||||
if (ustr[len] == 0)
|
||||
|
@ -80,7 +80,7 @@ SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
|
||||
|
||||
/* Routines for Windows NT MD4 Hash functions. */
|
||||
static int
|
||||
_my_wcslen(__u16 * str)
|
||||
_my_wcslen(__u16 *str)
|
||||
{
|
||||
int len = 0;
|
||||
while (*str++ != 0)
|
||||
@ -96,7 +96,7 @@ _my_wcslen(__u16 * str)
|
||||
*/
|
||||
|
||||
static int
|
||||
_my_mbstowcs(__u16 * dst, const unsigned char *src, int len)
|
||||
_my_mbstowcs(__u16 *dst, const unsigned char *src, int len)
|
||||
{ /* BB not a very good conversion routine - change/fix */
|
||||
int i;
|
||||
__u16 val;
|
||||
@ -125,9 +125,9 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16)
|
||||
/* Password cannot be longer than 128 characters */
|
||||
if (passwd) {
|
||||
len = strlen((char *) passwd);
|
||||
if (len > 128) {
|
||||
if (len > 128)
|
||||
len = 128;
|
||||
}
|
||||
|
||||
/* Password must be converted to NT unicode */
|
||||
_my_mbstowcs(wpwd, passwd, len);
|
||||
} else
|
||||
@ -189,8 +189,10 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
|
||||
return;
|
||||
dom_u = user_u + 1024;
|
||||
|
||||
/* push_ucs2(NULL, user_u, user_n, (user_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
|
||||
push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); */
|
||||
/* push_ucs2(NULL, user_u, user_n, (user_l+1)*2,
|
||||
STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
|
||||
push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2,
|
||||
STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); */
|
||||
|
||||
/* BB user and domain may need to be uppercased */
|
||||
user_l = cifs_strtoUCS(user_u, user_n, 511, nls_codepage);
|
||||
|
@ -267,7 +267,7 @@ ssize_t cifs_getxattr(struct dentry *direntry, const char *ea_name,
|
||||
int oplock = FALSE;
|
||||
struct cifs_ntsd *pacl = NULL;
|
||||
__u32 buflen = 0;
|
||||
if (experimEnabled)
|
||||
if (experimEnabled)
|
||||
rc = CIFSSMBOpen(xid, pTcon, full_path,
|
||||
FILE_OPEN, GENERIC_READ, 0, &fid,
|
||||
&oplock, NULL, cifs_sb->local_nls,
|
||||
@ -275,7 +275,7 @@ ssize_t cifs_getxattr(struct dentry *direntry, const char *ea_name,
|
||||
CIFS_MOUNT_MAP_SPECIAL_CHR);
|
||||
/* else rc is EOPNOTSUPP from above */
|
||||
|
||||
if(rc == 0) {
|
||||
if (rc == 0) {
|
||||
rc = CIFSSMBGetCIFSACL(xid, pTcon, fid, &pacl,
|
||||
&buflen);
|
||||
CIFSSMBClose(xid, pTcon, fid);
|
||||
|
Loading…
x
Reference in New Issue
Block a user