提交 63d2583f 编写于 作者: S Steve French

[CIFS] Fix walking out end of cifs dacl

Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
上级 f1d662a7
...@@ -327,7 +327,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len, ...@@ -327,7 +327,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
group_sid_ptr = (struct cifs_sid *)((char *)pntsd + group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
le32_to_cpu(pntsd->gsidoffset)); le32_to_cpu(pntsd->gsidoffset));
dacloffset = le32_to_cpu(pntsd->dacloffset); dacloffset = le32_to_cpu(pntsd->dacloffset);
dacl_ptr = (struct cifs_acl *)(char *)pntsd + dacloffset; dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);
#ifdef CONFIG_CIFS_DEBUG2 #ifdef CONFIG_CIFS_DEBUG2
cFYI(1, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x " cFYI(1, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x "
"sacloffset 0x%x dacloffset 0x%x", "sacloffset 0x%x dacloffset 0x%x",
...@@ -346,7 +346,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len, ...@@ -346,7 +346,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
if (dacloffset) if (dacloffset)
parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr, parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr,
group_sid_ptr, inode); group_sid_ptr, inode);
else else
cFYI(1, ("no ACL")); /* BB grant all or default perms? */ cFYI(1, ("no ACL")); /* BB grant all or default perms? */
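Review bot: `dacloffset` is read from the descriptor and, in these two hunks, is only tested for non-zero before `dacl_ptr` reaches `parse_dacl`; nothing visible confirms that the offset lands inside the `acl_len` bytes that were received. With the parenthesization fixed the pointer is now a plain byte offset from `pntsd`, so a range check before forming it would keep a malformed offset away from the parser, for example `if (acl_len < 0 || dacloffset > (__u32)acl_len || (__u32)acl_len - dacloffset < sizeof(struct cifs_acl)) return -EINVAL;` (the declared type of `dacloffset` is outside the hunk, so adjust the casts to match). The same question applies to `gsidoffset`, which feeds `group_sid_ptr` a few lines above. `parse_sec_desc` starts and ends outside these hunks and `parse_dacl` does receive `end_of_acl`, so part of this may already be checked there; worth confirming that the header of the DACL itself is covered.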
......
...@@ -35,6 +35,9 @@ ...@@ -35,6 +35,9 @@
#define UBITSHIFT 6 #define UBITSHIFT 6
#define GBITSHIFT 3 #define GBITSHIFT 3
#define ACCESS_ALLOWED 0
#define ACCESS_DENIED 1
struct cifs_ntsd { struct cifs_ntsd {
__le16 revision; /* revision level */ __le16 revision; /* revision level */
__le16 type; __le16 type;
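Review bot: `ACCESS_ALLOWED` and `ACCESS_DENIED` are added with no comment saying which field they are compared against. They look like ACE type values, but that is inferred from the names rather than shown here, so a one-line comment above the pair, such as `/* ACE type values */`, would make the intent explicit. The names are also fairly generic for a header that other files include; a module prefix would guard against a clash, though whether one exists cannot be seen from this hunk.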
......
...@@ -108,7 +108,7 @@ static int cifs_calc_signature2(const struct kvec *iov, int n_vec, ...@@ -108,7 +108,7 @@ static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
/* The first entry includes a length field (which does not get /* The first entry includes a length field (which does not get
signed that occupies the first 4 bytes before the header */ signed that occupies the first 4 bytes before the header */
if (i == 0) { if (i == 0) {
if (iov[0].iov_len <= 8 ) /* cmd field at offset 9 */ if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
break; /* nothing to sign or corrupt header */ break; /* nothing to sign or corrupt header */
MD5Update(&context, iov[0].iov_base+4, MD5Update(&context, iov[0].iov_base+4,
iov[0].iov_len-4); iov[0].iov_len-4);
...@@ -123,7 +123,7 @@ static int cifs_calc_signature2(const struct kvec *iov, int n_vec, ...@@ -123,7 +123,7 @@ static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
__u32 * pexpected_response_sequence_number) __u32 *pexpected_response_sequence_number)
{ {
int rc = 0; int rc = 0;
char smb_signature[20]; char smb_signature[20];
......
...@@ -770,7 +770,7 @@ cifs_print_status(__u32 status_code) ...@@ -770,7 +770,7 @@ cifs_print_status(__u32 status_code)
static void static void
ntstatus_to_dos(__u32 ntstatus, __u8 * eclass, __u16 * ecode) ntstatus_to_dos(__u32 ntstatus, __u8 *eclass, __u16 *ecode)
{ {
int i; int i;
if (ntstatus == 0) { if (ntstatus == 0) {
......
...@@ -495,7 +495,7 @@ static int initiate_cifs_search(const int xid, struct file *file) ...@@ -495,7 +495,7 @@ static int initiate_cifs_search(const int xid, struct file *file)
static int cifs_unicode_bytelen(char *str) static int cifs_unicode_bytelen(char *str)
{ {
int len; int len;
__le16 * ustr = (__le16 *)str; __le16 *ustr = (__le16 *)str;
for (len = 0; len <= PATH_MAX; len++) { for (len = 0; len <= PATH_MAX; len++) {
if (ustr[len] == 0) if (ustr[len] == 0)
......
...@@ -80,7 +80,7 @@ SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24) ...@@ -80,7 +80,7 @@ SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
/* Routines for Windows NT MD4 Hash functions. */ /* Routines for Windows NT MD4 Hash functions. */
static int static int
_my_wcslen(__u16 * str) _my_wcslen(__u16 *str)
{ {
int len = 0; int len = 0;
while (*str++ != 0) while (*str++ != 0)
...@@ -96,7 +96,7 @@ _my_wcslen(__u16 * str) ...@@ -96,7 +96,7 @@ _my_wcslen(__u16 * str)
*/ */
static int static int
_my_mbstowcs(__u16 * dst, const unsigned char *src, int len) _my_mbstowcs(__u16 *dst, const unsigned char *src, int len)
{ /* BB not a very good conversion routine - change/fix */ { /* BB not a very good conversion routine - change/fix */
int i; int i;
__u16 val; __u16 val;
...@@ -125,9 +125,9 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16) ...@@ -125,9 +125,9 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16)
/* Password cannot be longer than 128 characters */ /* Password cannot be longer than 128 characters */
if (passwd) { if (passwd) {
len = strlen((char *) passwd); len = strlen((char *) passwd);
if (len > 128) { if (len > 128)
len = 128; len = 128;
}
/* Password must be converted to NT unicode */ /* Password must be converted to NT unicode */
_my_mbstowcs(wpwd, passwd, len); _my_mbstowcs(wpwd, passwd, len);
} else } else
...@@ -189,8 +189,10 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n, ...@@ -189,8 +189,10 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
return; return;
dom_u = user_u + 1024; dom_u = user_u + 1024;
/* push_ucs2(NULL, user_u, user_n, (user_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); /* push_ucs2(NULL, user_u, user_n, (user_l+1)*2,
push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); */ STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2,
STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); */
/* BB user and domain may need to be uppercased */ /* BB user and domain may need to be uppercased */
user_l = cifs_strtoUCS(user_u, user_n, 511, nls_codepage); user_l = cifs_strtoUCS(user_u, user_n, 511, nls_codepage);
......
...@@ -267,7 +267,7 @@ ssize_t cifs_getxattr(struct dentry *direntry, const char *ea_name, ...@@ -267,7 +267,7 @@ ssize_t cifs_getxattr(struct dentry *direntry, const char *ea_name,
int oplock = FALSE; int oplock = FALSE;
struct cifs_ntsd *pacl = NULL; struct cifs_ntsd *pacl = NULL;
__u32 buflen = 0; __u32 buflen = 0;
if (experimEnabled) if (experimEnabled)
rc = CIFSSMBOpen(xid, pTcon, full_path, rc = CIFSSMBOpen(xid, pTcon, full_path,
FILE_OPEN, GENERIC_READ, 0, &fid, FILE_OPEN, GENERIC_READ, 0, &fid,
&oplock, NULL, cifs_sb->local_nls, &oplock, NULL, cifs_sb->local_nls,
...@@ -275,7 +275,7 @@ ssize_t cifs_getxattr(struct dentry *direntry, const char *ea_name, ...@@ -275,7 +275,7 @@ ssize_t cifs_getxattr(struct dentry *direntry, const char *ea_name,
CIFS_MOUNT_MAP_SPECIAL_CHR); CIFS_MOUNT_MAP_SPECIAL_CHR);
/* else rc is EOPNOTSUPP from above */ /* else rc is EOPNOTSUPP from above */
if(rc == 0) { if (rc == 0) {
rc = CIFSSMBGetCIFSACL(xid, pTcon, fid, &pacl, rc = CIFSSMBGetCIFSACL(xid, pTcon, fid, &pacl,
&buflen); &buflen);
CIFSSMBClose(xid, pTcon, fid); CIFSSMBClose(xid, pTcon, fid);
......