Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Merge git://git.samba.org/sfrench/cifs-2.6

* git://git.samba.org/sfrench/cifs-2.6:
cifs: Fix broken sec=ntlmv2/i sec option (try #2)
Fix the conflict between rwpidforward and rw mount options
CIFS: Fix ERR_PTR dereference in cifs_get_root
cifs: fix possible memory corruption in CIFSFindNext

+21 -50
+11 -43
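--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -351,9 +351,7 @@
 build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
 {
 unsigned int dlen;
-unsigned int wlen;
-unsigned int size = 6 * sizeof(struct ntlmssp2_name);
-__le64 curtime;
+unsigned int size = 2 * sizeof(struct ntlmssp2_name);
 char *defdmname = "WORKGROUP";
 unsigned char *blobptr;
 struct ntlmssp2_name *attrptr;
@@ -365,15 +363,14 @@
 }
 
 dlen = strlen(ses->domainName);
-wlen = strlen(ses->server->hostname);
 
-/* The length of this blob is a size which is
-* six times the size of a structure which holds name/size +
-* two times the unicode length of a domain name +
-* two times the unicode length of a server name +
-* size of a timestamp (which is 8 bytes).
+/*
+* The length of this blob is two times the size of a
+* structure (av pair) which holds name/size
+* ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
+* unicode length of a netbios domain name
 */
-ses->auth_key.len = size + 2 * (2 * dlen) + 2 * (2 * wlen) + 8;
+ses->auth_key.len = size + 2 * dlen;
 ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
 if (!ses->auth_key.response) {
 ses->auth_key.len = 0;
@@ -384,43 +381,14 @@
 blobptr = ses->auth_key.response;
 attrptr = (struct ntlmssp2_name *) blobptr;
 
+/*
+* As defined in MS-NTLM 3.3.2, just this av pair field
+* is sufficient as part of the temp
+*/
 attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME);
 attrptr->length = cpu_to_le16(2 * dlen);
 blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
 cifs_strtoUCS((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
-
-blobptr += 2 * dlen;
-attrptr = (struct ntlmssp2_name *) blobptr;
-
-attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_COMPUTER_NAME);
-attrptr->length = cpu_to_le16(2 * wlen);
-blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
-cifs_strtoUCS((__le16 *)blobptr, ses->server->hostname, wlen, nls_cp);
-
-blobptr += 2 * wlen;
-attrptr = (struct ntlmssp2_name *) blobptr;
-
-attrptr->type = cpu_to_le16(NTLMSSP_AV_DNS_DOMAIN_NAME);
-attrptr->length = cpu_to_le16(2 * dlen);
-blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
-cifs_strtoUCS((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
-
-blobptr += 2 * dlen;
-attrptr = (struct ntlmssp2_name *) blobptr;
-
-attrptr->type = cpu_to_le16(NTLMSSP_AV_DNS_COMPUTER_NAME);
-attrptr->length = cpu_to_le16(2 * wlen);
-blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
-cifs_strtoUCS((__le16 *)blobptr, ses->server->hostname, wlen, nls_cp);
-
-blobptr += 2 * wlen;
-attrptr = (struct ntlmssp2_name *) blobptr;
-
-attrptr->type = cpu_to_le16(NTLMSSP_AV_TIMESTAMP);
-attrptr->length = cpu_to_le16(sizeof(__le64));
-blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
-curtime = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
-memcpy(blobptr, &curtime, sizeof(__le64));
 
 return 0;
 }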
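Review bot: The terminating NTLMSSP_AV_EOL pair that the new size comment counts is never written in build_avpair_blob; only the NTLMSSP_AV_NB_DOMAIN_NAME pair is filled in, so the terminator exists solely because `kzalloc` zero-fills the buffer (this assumes NTLMSSP_AV_EOL is type 0 with length 0, which the page does not show). I would state that next to the allocation, for example `/* the trailing NTLMSSP_AV_EOL pair is the zeroed tail left by kzalloc */`, so a later move to a non-zeroing allocator or a reused buffer does not silently drop the terminator from the blob that feeds the NTLMv2 response. `cifs_strtoUCS` is not visible here; if it appends a 16-bit NUL after the `dlen` converted characters, that write lands in the space reserved for the EOL pair, which is harmless only while that pair is meant to stay all-zero. Parts of the function between the three hunks are not shown.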
+6 -4
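--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -548,6 +548,12 @@
 struct inode *dir = dentry->d_inode;
 struct dentry *child;
 
+if (!dir) {
+dput(dentry);
+dentry = ERR_PTR(-ENOENT);
+break;
+}
+
 /* skip separators */
 while (*s == sep)
 s++;
@@ -563,10 +569,6 @@
 mutex_unlock(&dir->i_mutex);
 dput(dentry);
 dentry = child;
-if (!dentry->d_inode) {
-dput(dentry);
-dentry = ERR_PTR(-ENOENT);
-}
 } while (!IS_ERR(dentry));
 _FreeXid(xid);
 kfree(full_path);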
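Review bot: The new `if (!dir)` test at the top of the loop carries no comment explaining why the negative-dentry check sits there rather than right after the lookup, and that placement is the whole fix. After `dentry = child;` the pointer may be an ERR_PTR (the loop condition is `!IS_ERR(dentry)`), so reading `dentry->d_inode` at that point is unsafe. A one-line comment such as `/* checked here, not after the lookup: child may be an ERR_PTR and must not be dereferenced */` would stop someone moving it back. The `break` path relies on the `_FreeXid(xid)` / `kfree(full_path)` cleanup that follows the loop. The lookup itself and the start of the function (presumably cifs_get_root, per the merge summary) lie outside the hunks.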
+2 -1
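--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -4079,7 +4079,8 @@
 T2_FNEXT_RSP_PARMS *parms;
 char *response_data;
 int rc = 0;
-int bytes_returned, name_len;
+int bytes_returned;
+unsigned int name_len;
 __u16 params, byte_count;
 
 cFYI(1, "In FindNext");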
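Review bot: Nothing at the declaration says why `name_len` is now `unsigned int`, and the length check it protects lies outside this hunk. A short comment such as `/* unsigned: a negative length must fail the bound check, not pass it */` would keep a later cleanup from folding it back into the `int bytes_returned, name_len;` form. Since the merge summary describes this as a memory-corruption fix in CIFSFindNext, I would also confirm that every comparison and copy using `name_len` further down keeps it unsigned, with no cast back to `int` and no comparison against a signed value that would promote the other way. That code is not visible here.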
+2 -2
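--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1298,7 +1298,7 @@
 /* ignore */
 } else if (strnicmp(data, "guest", 5) == 0) {
 /* ignore */
-} else if (strnicmp(data, "rw", 2) == 0) {
+} else if (strnicmp(data, "rw", 2) == 0 && strlen(data) == 2) {
 /* ignore */
 } else if (strnicmp(data, "ro", 2) == 0) {
 /* ignore */
@@ -1401,7 +1401,7 @@
 vol->server_ino = 1;
 } else if (strnicmp(data, "noserverino", 9) == 0) {
 vol->server_ino = 0;
-} else if (strnicmp(data, "rwpidforward", 4) == 0) {
+} else if (strnicmp(data, "rwpidforward", 12) == 0) {
 vol->rwpidforward = 1;
 } else if (strnicmp(data, "cifsacl", 7) == 0) {
 vol->cifs_acl = 1;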
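Review bot: The prefix-match problem fixed for `rw` is still present on neighbouring entries visible in these hunks: `strnicmp(data, "ro", 2)` accepts any option that merely begins with "ro", and `strnicmp(data, "noserverino", 9)` compares fewer characters than the name has. A mount option that is silently ignored or taken for a different one can change the access and identity behaviour of the mount without any error. Unless abbreviations are deliberately accepted, these should get the same exact-length test, e.g. `} else if (strnicmp(data, "ro", 2) == 0 && strlen(data) == 2) {` and a compare length of 11 for "noserverino". `strnicmp(data, "rwpidforward", 12)` likewise still matches longer strings that start with that name. The if/else chain begins and ends outside both hunks, so other entries may need the same review.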