[CIFS] Fix walking out end of cifs dacl
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
Steve French
parent
f1d662a7d5
commit
63d2583f5a
|
|
@ -327,7 +327,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
|
||||||
group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
|
group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
|
||||||
le32_to_cpu(pntsd->gsidoffset));
|
le32_to_cpu(pntsd->gsidoffset));
|
||||||
dacloffset = le32_to_cpu(pntsd->dacloffset);
|
dacloffset = le32_to_cpu(pntsd->dacloffset);
|
||||||
dacl_ptr = (struct cifs_acl *)(char *)pntsd + dacloffset;
|
dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);
|
||||||
#ifdef CONFIG_CIFS_DEBUG2
|
#ifdef CONFIG_CIFS_DEBUG2
|
||||||
cFYI(1, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x "
|
cFYI(1, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x "
|
||||||
"sacloffset 0x%x dacloffset 0x%x",
|
"sacloffset 0x%x dacloffset 0x%x",
|
||||||
|
|
@ -346,7 +346,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
|
||||||
|
|
||||||
if (dacloffset)
|
if (dacloffset)
|
||||||
parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr,
|
parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr,
|
||||||
group_sid_ptr, inode);
|
group_sid_ptr, inode);
|
||||||
else
|
else
|
||||||
cFYI(1, ("no ACL")); /* BB grant all or default perms? */
|
cFYI(1, ("no ACL")); /* BB grant all or default perms? */
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,9 @@
|
||||||
#define UBITSHIFT 6
|
#define UBITSHIFT 6
|
||||||
#define GBITSHIFT 3
|
#define GBITSHIFT 3
|
||||||
|
|
||||||
|
#define ACCESS_ALLOWED 0
|
||||||
|
#define ACCESS_DENIED 1
|
||||||
|
|
||||||
struct cifs_ntsd {
|
struct cifs_ntsd {
|
||||||
__le16 revision; /* revision level */
|
__le16 revision; /* revision level */
|
||||||
__le16 type;
|
__le16 type;
|
||||||
|
|
|
||||||
|
|
@ -108,7 +108,7 @@ static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
|
||||||
/* The first entry includes a length field (which does not get
|
/* The first entry includes a length field (which does not get
|
||||||
signed that occupies the first 4 bytes before the header */
|
signed that occupies the first 4 bytes before the header */
|
||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
if (iov[0].iov_len <= 8 ) /* cmd field at offset 9 */
|
if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
|
||||||
break; /* nothing to sign or corrupt header */
|
break; /* nothing to sign or corrupt header */
|
||||||
MD5Update(&context, iov[0].iov_base+4,
|
MD5Update(&context, iov[0].iov_base+4,
|
||||||
iov[0].iov_len-4);
|
iov[0].iov_len-4);
|
||||||
|
|
@ -123,7 +123,7 @@ static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
|
||||||
|
|
||||||
|
|
||||||
int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
|
int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
|
||||||
__u32 * pexpected_response_sequence_number)
|
__u32 *pexpected_response_sequence_number)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
char smb_signature[20];
|
char smb_signature[20];
|
||||||
|
|
|
||||||
|
|
@ -770,7 +770,7 @@ cifs_print_status(__u32 status_code)
|
||||||
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
ntstatus_to_dos(__u32 ntstatus, __u8 * eclass, __u16 * ecode)
|
ntstatus_to_dos(__u32 ntstatus, __u8 *eclass, __u16 *ecode)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
if (ntstatus == 0) {
|
if (ntstatus == 0) {
|
||||||
|
|
|
||||||
|
|
@ -495,7 +495,7 @@ ffirst_retry:
|
||||||
static int cifs_unicode_bytelen(char *str)
|
static int cifs_unicode_bytelen(char *str)
|
||||||
{
|
{
|
||||||
int len;
|
int len;
|
||||||
__le16 * ustr = (__le16 *)str;
|
__le16 *ustr = (__le16 *)str;
|
||||||
|
|
||||||
for (len = 0; len <= PATH_MAX; len++) {
|
for (len = 0; len <= PATH_MAX; len++) {
|
||||||
if (ustr[len] == 0)
|
if (ustr[len] == 0)
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,7 @@ SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
|
||||||
|
|
||||||
/* Routines for Windows NT MD4 Hash functions. */
|
/* Routines for Windows NT MD4 Hash functions. */
|
||||||
static int
|
static int
|
||||||
_my_wcslen(__u16 * str)
|
_my_wcslen(__u16 *str)
|
||||||
{
|
{
|
||||||
int len = 0;
|
int len = 0;
|
||||||
while (*str++ != 0)
|
while (*str++ != 0)
|
||||||
|
|
@ -96,7 +96,7 @@ _my_wcslen(__u16 * str)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
static int
|
static int
|
||||||
_my_mbstowcs(__u16 * dst, const unsigned char *src, int len)
|
_my_mbstowcs(__u16 *dst, const unsigned char *src, int len)
|
||||||
{ /* BB not a very good conversion routine - change/fix */
|
{ /* BB not a very good conversion routine - change/fix */
|
||||||
int i;
|
int i;
|
||||||
__u16 val;
|
__u16 val;
|
||||||
|
|
@ -125,9 +125,9 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16)
|
||||||
/* Password cannot be longer than 128 characters */
|
/* Password cannot be longer than 128 characters */
|
||||||
if (passwd) {
|
if (passwd) {
|
||||||
len = strlen((char *) passwd);
|
len = strlen((char *) passwd);
|
||||||
if (len > 128) {
|
if (len > 128)
|
||||||
len = 128;
|
len = 128;
|
||||||
}
|
|
||||||
/* Password must be converted to NT unicode */
|
/* Password must be converted to NT unicode */
|
||||||
_my_mbstowcs(wpwd, passwd, len);
|
_my_mbstowcs(wpwd, passwd, len);
|
||||||
} else
|
} else
|
||||||
|
|
@ -189,8 +189,10 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
|
||||||
return;
|
return;
|
||||||
dom_u = user_u + 1024;
|
dom_u = user_u + 1024;
|
||||||
|
|
||||||
/* push_ucs2(NULL, user_u, user_n, (user_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
|
/* push_ucs2(NULL, user_u, user_n, (user_l+1)*2,
|
||||||
push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); */
|
STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
|
||||||
|
push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2,
|
||||||
|
STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); */
|
||||||
|
|
||||||
/* BB user and domain may need to be uppercased */
|
/* BB user and domain may need to be uppercased */
|
||||||
user_l = cifs_strtoUCS(user_u, user_n, 511, nls_codepage);
|
user_l = cifs_strtoUCS(user_u, user_n, 511, nls_codepage);
|
||||||
|
|
|
||||||
|
|
@ -267,7 +267,7 @@ ssize_t cifs_getxattr(struct dentry *direntry, const char *ea_name,
|
||||||
int oplock = FALSE;
|
int oplock = FALSE;
|
||||||
struct cifs_ntsd *pacl = NULL;
|
struct cifs_ntsd *pacl = NULL;
|
||||||
__u32 buflen = 0;
|
__u32 buflen = 0;
|
||||||
if (experimEnabled)
|
if (experimEnabled)
|
||||||
rc = CIFSSMBOpen(xid, pTcon, full_path,
|
rc = CIFSSMBOpen(xid, pTcon, full_path,
|
||||||
FILE_OPEN, GENERIC_READ, 0, &fid,
|
FILE_OPEN, GENERIC_READ, 0, &fid,
|
||||||
&oplock, NULL, cifs_sb->local_nls,
|
&oplock, NULL, cifs_sb->local_nls,
|
||||||
|
|
@ -275,7 +275,7 @@ ssize_t cifs_getxattr(struct dentry *direntry, const char *ea_name,
|
||||||
CIFS_MOUNT_MAP_SPECIAL_CHR);
|
CIFS_MOUNT_MAP_SPECIAL_CHR);
|
||||||
/* else rc is EOPNOTSUPP from above */
|
/* else rc is EOPNOTSUPP from above */
|
||||||
|
|
||||||
if(rc == 0) {
|
if (rc == 0) {
|
||||||
rc = CIFSSMBGetCIFSACL(xid, pTcon, fid, &pacl,
|
rc = CIFSSMBGetCIFSACL(xid, pTcon, fid, &pacl,
|
||||||
&buflen);
|
&buflen);
|
||||||
CIFSSMBClose(xid, pTcon, fid);
|
CIFSSMBClose(xid, pTcon, fid);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue