Merge tag 'v6.14-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fixes from Steve French:
"Six smb3 client fixes, all also for stable"

* tag 'v6.14-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
smb: client: Fix match_session bug preventing session reuse
cifs: Fix integer overflow while processing closetimeo mount option
cifs: Fix integer overflow while processing actimeo mount option
cifs: Fix integer overflow while processing acdirmax mount option
cifs: Fix integer overflow while processing acregmax mount option
smb: client: fix regression with guest option

+23 -11
+12 -4
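--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -1825,9 +1825,8 @@
 struct smb3_fs_context *ctx,
 bool match_super)
 {
-if (ctx->sectype != Unspecified &&
-ctx->sectype != ses->sectype)
-return 0;
+struct TCP_Server_Info *server = ses->server;
+enum securityEnum ctx_sec, ses_sec;
 
 if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses)
 return 0;
@@ -1838,11 +1839,20 @@
 if (ses->chan_max < ctx->max_channels)
 return 0;
 
-switch (ses->sectype) {
+ctx_sec = server->ops->select_sectype(server, ctx->sectype);
+ses_sec = server->ops->select_sectype(server, ses->sectype);
+
+if (ctx_sec != ses_sec)
+return 0;
+
+switch (ctx_sec) {
+case IAKerb:
 case Kerberos:
 if (!uid_eq(ctx->cred_uid, ses->cred_uid))
 return 0;
 break;
+case NTLMv2:
+case RawNTLMSSP:
 default:
 /* NULL username means anonymous session */
 if (ses->user_name == NULL) {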
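Review bot: The comparison `if (ctx_sec != ses_sec)` depends on what `select_sectype` returns for a type the server does not offer, and nothing in the hunk documents that. If both calls can resolve to `Unspecified`, the two values compare equal and matching continues into the `default:` username/password branch; that is worth confirming, since this function decides whether a mount reuses an already authenticated session. A comment above the two calls would record the intent, for example `/* compare the mechanisms the server would actually select, not the raw sec= values */`. The function body starts and ends outside the hunk.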
+11 -7
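--- a/fs/smb/client/fs_context.c
+++ b/fs/smb/client/fs_context.c
@@ -171,6 +171,7 @@
 fsparam_string("username", Opt_user),
 fsparam_string("pass", Opt_pass),
 fsparam_string("password", Opt_pass),
+fsparam_string("pass2", Opt_pass2),
 fsparam_string("password2", Opt_pass2),
 fsparam_string("ip", Opt_ip),
 fsparam_string("addr", Opt_ip),
@@ -1132,6 +1131,9 @@
 } else if (!strcmp("user", param->key) || !strcmp("username", param->key)) {
 skip_parsing = true;
 opt = Opt_user;
+} else if (!strcmp("pass2", param->key) || !strcmp("password2", param->key)) {
+skip_parsing = true;
+opt = Opt_pass2;
 }
 }
 
@@ -1344,21 +1340,21 @@
 }
 break;
 case Opt_acregmax:
-ctx->acregmax = HZ * result.uint_32;
-if (ctx->acregmax > CIFS_MAX_ACTIMEO) {
+if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {
 cifs_errorf(fc, "acregmax too large\n");
 goto cifs_parse_mount_err;
 }
+ctx->acregmax = HZ * result.uint_32;
 break;
 case Opt_acdirmax:
-ctx->acdirmax = HZ * result.uint_32;
-if (ctx->acdirmax > CIFS_MAX_ACTIMEO) {
+if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {
 cifs_errorf(fc, "acdirmax too large\n");
 goto cifs_parse_mount_err;
 }
+ctx->acdirmax = HZ * result.uint_32;
 break;
 case Opt_actimeo:
-if (HZ * result.uint_32 > CIFS_MAX_ACTIMEO) {
+if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {
 cifs_errorf(fc, "timeout too large\n");
 goto cifs_parse_mount_err;
 }
@@ -1370,11 +1366,11 @@
 ctx->acdirmax = ctx->acregmax = HZ * result.uint_32;
 break;
 case Opt_closetimeo:
-ctx->closetimeo = HZ * result.uint_32;
-if (ctx->closetimeo > SMB3_MAX_DCLOSETIMEO) {
+if (result.uint_32 > SMB3_MAX_DCLOSETIMEO / HZ) {
 cifs_errorf(fc, "closetimeo too large\n");
 goto cifs_parse_mount_err;
 }
+ctx->closetimeo = HZ * result.uint_32;
 break;
 case Opt_echo_interval:
 ctx->echo_interval = result.uint_32;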
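Review bot: The four rewritten bounds checks (`Opt_acregmax`, `Opt_acdirmax`, `Opt_actimeo`, `Opt_closetimeo`) have no comment explaining why the limit is divided by `HZ` rather than the value being multiplied first. A later cleanup could restore the multiply-then-compare form and bring the wraparound back. I would add one line above the first check, `/* compare before scaling: HZ * result.uint_32 can wrap */`, or fold the pattern into a small helper shared by all four cases. The `Opt_echo_interval` assignment in the trailing context is stored unscaled; whether it is range-checked lies outside the hunk. The enclosing switch starts and ends outside the hunk.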