Commit 84f8bf38 authored by Linus Torvalds's avatar Linus Torvalds

Merge git://git.samba.org/sfrench/cifs-2.6

* git://git.samba.org/sfrench/cifs-2.6:
  cifs: Fix oops in session setup code for null user mounts
  [CIFS] Update cifs Kconfig title to match removal of experimental dependency
  cifs: fix printk format warnings
  cifs: check offset in decode_ntlmssp_challenge()
  cifs: NULL dereference on allocation failure
parents e25c1733 de47a417
...@@ -139,7 +139,7 @@ config CIFS_DFS_UPCALL ...@@ -139,7 +139,7 @@ config CIFS_DFS_UPCALL
points. If unsure, say N. points. If unsure, say N.
config CIFS_FSCACHE config CIFS_FSCACHE
bool "Provide CIFS client caching support (EXPERIMENTAL)" bool "Provide CIFS client caching support"
depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
help help
Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
...@@ -147,7 +147,7 @@ config CIFS_FSCACHE ...@@ -147,7 +147,7 @@ config CIFS_FSCACHE
manager. If unsure, say N. manager. If unsure, say N.
config CIFS_ACL config CIFS_ACL
bool "Provide CIFS ACL support (EXPERIMENTAL)" bool "Provide CIFS ACL support"
depends on CIFS_XATTR && KEYS depends on CIFS_XATTR && KEYS
help help
Allows to fetch CIFS/NTFS ACL from the server. The DACL blob Allows to fetch CIFS/NTFS ACL from the server. The DACL blob
......
...@@ -2142,14 +2142,14 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) ...@@ -2142,14 +2142,14 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
len = delim - payload; len = delim - payload;
if (len > MAX_USERNAME_SIZE || len <= 0) { if (len > MAX_USERNAME_SIZE || len <= 0) {
cFYI(1, "Bad value from username search (len=%ld)", len); cFYI(1, "Bad value from username search (len=%zd)", len);
rc = -EINVAL; rc = -EINVAL;
goto out_key_put; goto out_key_put;
} }
vol->username = kstrndup(payload, len, GFP_KERNEL); vol->username = kstrndup(payload, len, GFP_KERNEL);
if (!vol->username) { if (!vol->username) {
cFYI(1, "Unable to allocate %ld bytes for username", len); cFYI(1, "Unable to allocate %zd bytes for username", len);
rc = -ENOMEM; rc = -ENOMEM;
goto out_key_put; goto out_key_put;
} }
...@@ -2157,7 +2157,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) ...@@ -2157,7 +2157,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
len = key->datalen - (len + 1); len = key->datalen - (len + 1);
if (len > MAX_PASSWORD_SIZE || len <= 0) { if (len > MAX_PASSWORD_SIZE || len <= 0) {
cFYI(1, "Bad len for password search (len=%ld)", len); cFYI(1, "Bad len for password search (len=%zd)", len);
rc = -EINVAL; rc = -EINVAL;
kfree(vol->username); kfree(vol->username);
vol->username = NULL; vol->username = NULL;
...@@ -2167,7 +2167,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) ...@@ -2167,7 +2167,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
++delim; ++delim;
vol->password = kstrndup(delim, len, GFP_KERNEL); vol->password = kstrndup(delim, len, GFP_KERNEL);
if (!vol->password) { if (!vol->password) {
cFYI(1, "Unable to allocate %ld bytes for password", len); cFYI(1, "Unable to allocate %zd bytes for password", len);
rc = -ENOMEM; rc = -ENOMEM;
kfree(vol->username); kfree(vol->username);
vol->username = NULL; vol->username = NULL;
...@@ -3857,10 +3857,8 @@ cifs_construct_tcon(struct cifs_sb_info *cifs_sb, uid_t fsuid) ...@@ -3857,10 +3857,8 @@ cifs_construct_tcon(struct cifs_sb_info *cifs_sb, uid_t fsuid)
struct smb_vol *vol_info; struct smb_vol *vol_info;
vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL); vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL);
if (vol_info == NULL) { if (vol_info == NULL)
tcon = ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
goto out;
}
vol_info->local_nls = cifs_sb->local_nls; vol_info->local_nls = cifs_sb->local_nls;
vol_info->linux_uid = fsuid; vol_info->linux_uid = fsuid;
......
...@@ -246,16 +246,15 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses, ...@@ -246,16 +246,15 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
/* copy user */ /* copy user */
/* BB what about null user mounts - check that we do this BB */ /* BB what about null user mounts - check that we do this BB */
/* copy user */ /* copy user */
if (ses->user_name != NULL) if (ses->user_name != NULL) {
strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE); strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE);
bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE);
}
/* else null user mount */ /* else null user mount */
bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE);
*bcc_ptr = 0; *bcc_ptr = 0;
bcc_ptr++; /* account for null termination */ bcc_ptr++; /* account for null termination */
/* copy domain */ /* copy domain */
if (ses->domainName != NULL) { if (ses->domainName != NULL) {
strncpy(bcc_ptr, ses->domainName, 256); strncpy(bcc_ptr, ses->domainName, 256);
bcc_ptr += strnlen(ses->domainName, 256); bcc_ptr += strnlen(ses->domainName, 256);
...@@ -395,6 +394,10 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, ...@@ -395,6 +394,10 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags); ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags);
tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset); tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
tilen = le16_to_cpu(pblob->TargetInfoArray.Length); tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
if (tioffset > blob_len || tioffset + tilen > blob_len) {
cERROR(1, "tioffset + tilen too high %u + %u", tioffset, tilen);
return -EINVAL;
}
if (tilen) { if (tilen) {
ses->auth_key.response = kmalloc(tilen, GFP_KERNEL); ses->auth_key.response = kmalloc(tilen, GFP_KERNEL);
if (!ses->auth_key.response) { if (!ses->auth_key.response) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment