Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6

Pull CIFS fixes from Steve French:
 "A set of small cifs fixes fixing a memory leak, kernel oops, and
  infinite loop (and some spotted by Coverity)"

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
  Fix warning
  Fix another dereference before null check warning
  CIFS: session servername can't be null
  Fix warning on impossible comparison
  Fix coverity warning
  Fix dereference before null check warning
  Don't ignore errors on encrypting password in SMBTcon
  Fix warning on uninitialized buftype
  cifs: potential memory leaks when parsing mnt opts
  cifs: fix use-after-free bug in find_writable_file
  cifs: smb2_clone_range() - exit on unhandled error
Linus Torvalds 2015-04-03 09:54:36 -07:00
commit b010a0f77a
7 changed files with 32 additions and 12 deletions


@ -1,6 +1,9 @@
/* /*
* fs/cifs/cifsencrypt.c * fs/cifs/cifsencrypt.c
* *
* Encryption and hashing operations relating to NTLM, NTLMv2. See MS-NLMP
* for more detailed information
*
* Copyright (C) International Business Machines Corp., 2005,2013 * Copyright (C) International Business Machines Corp., 2005,2013
* Author(s): Steve French (sfrench@us.ibm.com) * Author(s): Steve French (sfrench@us.ibm.com)
* *
@ -515,7 +518,8 @@ static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
__func__); __func__);
return rc; return rc;
} }
} else if (ses->serverName) { } else {
/* We use ses->serverName if no domain name available */
len = strlen(ses->serverName); len = strlen(ses->serverName);
server = kmalloc(2 + (len * 2), GFP_KERNEL); server = kmalloc(2 + (len * 2), GFP_KERNEL);
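Review bot: The new comment in the `else` branch says when ses->serverName is used, but not why the `ses->serverName` NULL test could be dropped, which is what a later reader will ask on seeing `strlen(ses->serverName)` unguarded. The merge summary states that the session servername can't be null. If that is because serverName is an array embedded in struct cifs_ses (the declaration is not on this page), say so in the comment: `/* serverName is an embedded array, never NULL; used when no domain name is available */`. The check of the kmalloc() result and the rest of calc_ntlmv2_hash lie outside the hunk.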


@ -1599,6 +1599,8 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
pr_warn("CIFS: username too long\n"); pr_warn("CIFS: username too long\n");
goto cifs_parse_mount_err; goto cifs_parse_mount_err;
} }
kfree(vol->username);
vol->username = kstrdup(string, GFP_KERNEL); vol->username = kstrdup(string, GFP_KERNEL);
if (!vol->username) if (!vol->username)
goto cifs_parse_mount_err; goto cifs_parse_mount_err;
@ -1700,6 +1702,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
goto cifs_parse_mount_err; goto cifs_parse_mount_err;
} }
kfree(vol->domainname);
vol->domainname = kstrdup(string, GFP_KERNEL); vol->domainname = kstrdup(string, GFP_KERNEL);
if (!vol->domainname) { if (!vol->domainname) {
pr_warn("CIFS: no memory for domainname\n"); pr_warn("CIFS: no memory for domainname\n");
@ -1731,6 +1734,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
} }
if (strncasecmp(string, "default", 7) != 0) { if (strncasecmp(string, "default", 7) != 0) {
kfree(vol->iocharset);
vol->iocharset = kstrdup(string, vol->iocharset = kstrdup(string,
GFP_KERNEL); GFP_KERNEL);
if (!vol->iocharset) { if (!vol->iocharset) {
@ -2913,8 +2917,7 @@ ip_rfc1001_connect(struct TCP_Server_Info *server)
* calling name ends in null (byte 16) from old smb * calling name ends in null (byte 16) from old smb
* convention. * convention.
*/ */
if (server->workstation_RFC1001_name && if (server->workstation_RFC1001_name[0] != 0)
server->workstation_RFC1001_name[0] != 0)
rfc1002mangle(ses_init_buf->trailer. rfc1002mangle(ses_init_buf->trailer.
session_req.calling_name, session_req.calling_name,
server->workstation_RFC1001_name, server->workstation_RFC1001_name,
@ -3692,6 +3695,12 @@ CIFSTCon(const unsigned int xid, struct cifs_ses *ses,
#endif /* CIFS_WEAK_PW_HASH */ #endif /* CIFS_WEAK_PW_HASH */
rc = SMBNTencrypt(tcon->password, ses->server->cryptkey, rc = SMBNTencrypt(tcon->password, ses->server->cryptkey,
bcc_ptr, nls_codepage); bcc_ptr, nls_codepage);
if (rc) {
cifs_dbg(FYI, "%s Can't generate NTLM rsp. Error: %d\n",
__func__, rc);
cifs_buf_release(smb_buffer);
return rc;
}
bcc_ptr += CIFS_AUTH_RESP_SIZE; bcc_ptr += CIFS_AUTH_RESP_SIZE;
if (ses->capabilities & CAP_UNICODE) { if (ses->capabilities & CAP_UNICODE) {
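Review bot: The new failure branch after SMBNTencrypt() in CIFSTCon reports the error with `cifs_dbg(FYI, ...)`, which is only emitted when CIFS debug logging is enabled. On a default system, a tree connect that fails because the NTLM response could not be generated will therefore show no cause in the log. Consider `cifs_dbg(VFS, "%s Can't generate NTLM rsp. Error: %d\n", __func__, rc);` so the reason reaches the kernel log. The check also sits after `#endif /* CIFS_WEAK_PW_HASH */`, so it runs after whatever the weak-hash branch above did; that branch is outside the hunk, so confirm it leaves rc meaningful. CIFSTCon starts and continues outside this hunk.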


@ -1823,6 +1823,7 @@ refind_writable:
cifsFileInfo_put(inv_file); cifsFileInfo_put(inv_file);
spin_lock(&cifs_file_list_lock); spin_lock(&cifs_file_list_lock);
++refind; ++refind;
inv_file = NULL;
goto refind_writable; goto refind_writable;
} }
} }
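Review bot: The added `inv_file = NULL;` has no comment, and the reason it is needed is not obvious from the retry path. The reference was just dropped by cifsFileInfo_put(inv_file), and `goto refind_writable` re-enters code that presumably tests inv_file again (that code is outside the hunk). The merge summary calls this a use-after-free fix in find_writable_file, so a one-line comment would keep a later cleanup from removing the reset: `inv_file = NULL; /* reference dropped above; must not be reused on the next pass */`.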


@ -771,6 +771,8 @@ cifs_get_inode_info(struct inode **inode, const char *full_path,
cifs_buf_release(srchinf->ntwrk_buf_start); cifs_buf_release(srchinf->ntwrk_buf_start);
} }
kfree(srchinf); kfree(srchinf);
if (rc)
goto cgii_exit;
} else } else
goto cgii_exit; goto cgii_exit;


@ -322,7 +322,7 @@ smb2_get_data_area_len(int *off, int *len, struct smb2_hdr *hdr)
/* return pointer to beginning of data area, ie offset from SMB start */ /* return pointer to beginning of data area, ie offset from SMB start */
if ((*off != 0) && (*len != 0)) if ((*off != 0) && (*len != 0))
return hdr->ProtocolId + *off; return (char *)(&hdr->ProtocolId[0]) + *off;
else else
return NULL; return NULL;
} }


@ -684,7 +684,8 @@ smb2_clone_range(const unsigned int xid,
/* No need to change MaxChunks since already set to 1 */ /* No need to change MaxChunks since already set to 1 */
chunk_sizes_updated = true; chunk_sizes_updated = true;
} } else
goto cchunk_out;
} }
cchunk_out: cchunk_out:
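Review bot: The added `} else` followed by a bare `goto cchunk_out;` leaves one arm of the if/else braced and the other not, which kernel coding style asks to avoid. Write it as `} else {`, `goto cchunk_out;`, `}`. The merge summary describes this as exiting smb2_clone_range() on an unhandled error, so a short comment on the new arm, such as `/* unhandled error from the server: leave the loop */`, would record why the exit is there. The loop and the condition this `else` belongs to start outside the hunk.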


@ -1218,7 +1218,7 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
struct smb2_ioctl_req *req; struct smb2_ioctl_req *req;
struct smb2_ioctl_rsp *rsp; struct smb2_ioctl_rsp *rsp;
struct TCP_Server_Info *server; struct TCP_Server_Info *server;
struct cifs_ses *ses = tcon->ses; struct cifs_ses *ses;
struct kvec iov[2]; struct kvec iov[2];
int resp_buftype; int resp_buftype;
int num_iovecs; int num_iovecs;
@ -1233,6 +1233,11 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
if (plen) if (plen)
*plen = 0; *plen = 0;
if (tcon)
ses = tcon->ses;
else
return -EIO;
if (ses && (ses->server)) if (ses && (ses->server))
server = ses->server; server = ses->server;
else else
@ -1296,14 +1301,12 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
rsp = (struct smb2_ioctl_rsp *)iov[0].iov_base; rsp = (struct smb2_ioctl_rsp *)iov[0].iov_base;
if ((rc != 0) && (rc != -EINVAL)) { if ((rc != 0) && (rc != -EINVAL)) {
if (tcon) cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
goto ioctl_exit; goto ioctl_exit;
} else if (rc == -EINVAL) { } else if (rc == -EINVAL) {
if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) && if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) &&
(opcode != FSCTL_SRV_COPYCHUNK)) { (opcode != FSCTL_SRV_COPYCHUNK)) {
if (tcon) cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
goto ioctl_exit; goto ioctl_exit;
} }
} }
@ -1629,7 +1632,7 @@ SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0); rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0);
if ((rc != 0) && tcon) if (rc != 0)
cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE); cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE);
free_rsp_buf(resp_buftype, iov[0].iov_base); free_rsp_buf(resp_buftype, iov[0].iov_base);
@ -2114,7 +2117,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
struct kvec iov[2]; struct kvec iov[2];
int rc = 0; int rc = 0;
int len; int len;
int resp_buftype; int resp_buftype = CIFS_NO_BUFFER;
unsigned char *bufptr; unsigned char *bufptr;
struct TCP_Server_Info *server; struct TCP_Server_Info *server;
struct cifs_ses *ses = tcon->ses; struct cifs_ses *ses = tcon->ses;
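Review bot: SMB2_ioctl now assigns `ses` only after testing tcon and returns -EIO otherwise, but SMB2_query_directory still has `struct cifs_ses *ses = tcon->ses;` in its declarations (last context line of the final hunk). That is the same dereference-at-declaration pattern this commit removes from SMB2_ioctl. If tcon can be NULL in one function, it is worth stating why it cannot be in the other; otherwise move the assignment below a check, e.g. `if (!tcon) return -EIO;` followed by `ses = tcon->ses;`. The SMB2_flush hunk and the two SMB2_ioctl failure branches also drop their `tcon` tests before cifs_stats_fail_inc(), which is safe only if every caller passes a non-NULL tcon; the callers are not visible here. All three functions extend beyond their hunks.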