提交 7b91e266 编写于 作者: J Jeff Layton 提交者: Steve French

cifs: fix error handling in mount-time DFS referral chasing code

If the referral is malformed or the hostname can't be resolved, then
the current code generates an oops. Fix it to handle these errors
gracefully.
Reported-by: NSandro Mathys <sm@sandro-mathys.ch>
Acked-by: NIgor Mammedov <niallain@gmail.com>
CC: Stable <stable@kernel.org>
Signed-off-by: NJeff Layton <jlayton@redhat.com>
Signed-off-by: NSteve French <sfrench@us.ibm.com>
上级 fc013a58
...@@ -55,7 +55,7 @@ void cifs_dfs_release_automount_timer(void) ...@@ -55,7 +55,7 @@ void cifs_dfs_release_automount_timer(void)
* i.e. strips from UNC trailing path that is not part of share * i.e. strips from UNC trailing path that is not part of share
* name and fixup missing '\' in the begining of DFS node refferal * name and fixup missing '\' in the begining of DFS node refferal
* if neccessary. * if neccessary.
* Returns pointer to share name on success or NULL on error. * Returns pointer to share name on success or ERR_PTR on error.
* Caller is responsible for freeing returned string. * Caller is responsible for freeing returned string.
*/ */
static char *cifs_get_share_name(const char *node_name) static char *cifs_get_share_name(const char *node_name)
...@@ -68,7 +68,7 @@ static char *cifs_get_share_name(const char *node_name) ...@@ -68,7 +68,7 @@ static char *cifs_get_share_name(const char *node_name)
UNC = kmalloc(len+2 /*for term null and additional \ if it's missed */, UNC = kmalloc(len+2 /*for term null and additional \ if it's missed */,
GFP_KERNEL); GFP_KERNEL);
if (!UNC) if (!UNC)
return NULL; return ERR_PTR(-ENOMEM);
/* get share name and server name */ /* get share name and server name */
if (node_name[1] != '\\') { if (node_name[1] != '\\') {
...@@ -87,7 +87,7 @@ static char *cifs_get_share_name(const char *node_name) ...@@ -87,7 +87,7 @@ static char *cifs_get_share_name(const char *node_name)
cERROR(1, ("%s: no server name end in node name: %s", cERROR(1, ("%s: no server name end in node name: %s",
__func__, node_name)); __func__, node_name));
kfree(UNC); kfree(UNC);
return NULL; return ERR_PTR(-EINVAL);
} }
/* find sharename end */ /* find sharename end */
...@@ -133,6 +133,12 @@ char *cifs_compose_mount_options(const char *sb_mountdata, ...@@ -133,6 +133,12 @@ char *cifs_compose_mount_options(const char *sb_mountdata,
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
*devname = cifs_get_share_name(ref->node_name); *devname = cifs_get_share_name(ref->node_name);
if (IS_ERR(*devname)) {
rc = PTR_ERR(*devname);
*devname = NULL;
goto compose_mount_options_err;
}
rc = dns_resolve_server_name_to_ip(*devname, &srvIP); rc = dns_resolve_server_name_to_ip(*devname, &srvIP);
if (rc != 0) { if (rc != 0) {
cERROR(1, ("%s: Failed to resolve server part of %s to IP: %d", cERROR(1, ("%s: Failed to resolve server part of %s to IP: %d",
......
...@@ -2544,11 +2544,20 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, ...@@ -2544,11 +2544,20 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
if (mount_data != mount_data_global) if (mount_data != mount_data_global)
kfree(mount_data); kfree(mount_data);
mount_data = cifs_compose_mount_options( mount_data = cifs_compose_mount_options(
cifs_sb->mountdata, full_path + 1, cifs_sb->mountdata, full_path + 1,
referrals, &fake_devname); referrals, &fake_devname);
kfree(fake_devname);
free_dfs_info_array(referrals, num_referrals); free_dfs_info_array(referrals, num_referrals);
kfree(fake_devname);
kfree(full_path);
if (IS_ERR(mount_data)) {
rc = PTR_ERR(mount_data);
mount_data = NULL;
goto mount_fail_check;
}
if (tcon) if (tcon)
cifs_put_tcon(tcon); cifs_put_tcon(tcon);
...@@ -2556,8 +2565,6 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, ...@@ -2556,8 +2565,6 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
cifs_put_smb_ses(pSesInfo); cifs_put_smb_ses(pSesInfo);
cleanup_volume_info(&volume_info); cleanup_volume_info(&volume_info);
FreeXid(xid);
kfree(full_path);
referral_walks_count++; referral_walks_count++;
goto try_mount_again; goto try_mount_again;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册