Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag '6.2-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:

- memory leak and double free fix

- two symlink fixes

- minor cleanup fix

- two smb1 fixes

* tag '6.2-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: Fix uninitialized memory read for smb311 posix symlink create
cifs: fix potential memory leaks in session setup
cifs: do not query ifaces on smb1 mounts
cifs: fix double free on failed kerberos auth
cifs: remove redundant assignment to the variable match
cifs: fix file info setting in cifs_open_file()
cifs: fix file info setting in cifs_query_path_info()

+49 -34
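--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -278,6 +278,7 @@
 * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
 * unicode length of a netbios domain name
 */
+kfree_sensitive(ses->auth_key.response);
 ses->auth_key.len = size + 2 * dlen;
 ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
 if (!ses->auth_key.response) {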
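Review bot: The added `kfree_sensitive(ses->auth_key.response)` carries no comment saying when an old key can still be attached at this point, and the same bare free-before-assign is repeated in fs/cifs/sess.c (both hunks) and in the first fs/cifs/smb2pdu.c hunk. Between the free and the `kzalloc()` assignment the field holds a freed pointer, so the call relies on nothing else reading `ses->auth_key` concurrently; the locking that would guarantee this is not visible in the hunk. I would add `/* a retried session setup may leave a previous key here; free it (zeroised) before replacing it */` above the call and state the serialisation assumption there. The body of `if (!ses->auth_key.response) {` lies outside the hunk, so whether `auth_key.len` is reset when the allocation fails cannot be confirmed from here.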
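--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2606,11 +2606,14 @@
 INIT_LIST_HEAD(&tcon->pending_opens);
 tcon->status = TID_GOOD;
 
-/* schedule query interfaces poll */
 INIT_DELAYED_WORK(&tcon->query_interfaces,
 smb2_query_server_interfaces);
-queue_delayed_work(cifsiod_wq, &tcon->query_interfaces,
-(SMB_INTERFACE_POLL_INTERVAL * HZ));
+if (ses->server->dialect >= SMB30_PROT_ID &&
+(ses->server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) {
+/* schedule query interfaces poll */
+queue_delayed_work(cifsiod_wq, &tcon->query_interfaces,
+(SMB_INTERFACE_POLL_INTERVAL * HZ));
+}
 
 spin_lock(&cifs_tcp_ses_lock);
 list_add(&tcon->tcon_list, &ses->tcon_list);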
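Review bot: `INIT_DELAYED_WORK()` stays unconditional while `queue_delayed_work()` is now gated on dialect and capability, and nothing in the new lines says that split is deliberate. Presumably the work item is still initialised so that teardown can cancel it without repeating the dialect check; that path is outside the hunk, so it should be confirmed and recorded, e.g. `/* always init so cancelling on tcon teardown is safe; only SMB3 multichannel servers are polled */`. Any other site that queues `tcon->query_interfaces` would need the same condition; none is visible here.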
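--- a/fs/cifs/dfs_cache.c
+++ b/fs/cifs/dfs_cache.c
@@ -1299,7 +1299,6 @@
 * Resolve share's hostname and check if server address matches. Otherwise just ignore it
 * as we could not have upcall to resolve hostname or failed to convert ip address.
 */
-match = true;
 extract_unc_hostname(s1, &host, &hostlen);
 scnprintf(unc, sizeof(unc), "\\\\%.*s", (int)hostlen, host);
 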
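--- a/fs/cifs/link.c
+++ b/fs/cifs/link.c
@@ -428,6 +428,7 @@
 oparms.disposition = FILE_CREATE;
 oparms.fid = &fid;
 oparms.reconnect = false;
+oparms.mode = 0644;
 
 rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, NULL,
 NULL, NULL);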
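Review bot: Assigning `oparms.mode` fixes this one member, but `oparms` is still filled in field by field, so any member that is not assigned, or is added to the struct later, reaches `SMB2_open()` uninitialised again. The declaration is outside the hunk; if it is a plain `struct cifs_open_parms oparms;`, zero-initialising it there (`struct cifs_open_parms oparms = {};`, the form this series already uses in smb1ops.c) would close the whole class rather than this instance. The literal `0644` also deserves a short comment saying why that mode is the right one for the file created here.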
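--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -815,6 +815,7 @@
 return -EINVAL;
 }
 if (tilen) {
+kfree_sensitive(ses->auth_key.response);
 ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
 GFP_KERNEL);
 if (!ses->auth_key.response) {
@@ -1428,6 +1429,7 @@
 goto out_put_spnego_key;
 }
 
+kfree_sensitive(ses->auth_key.response);
 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
 GFP_KERNEL);
 if (!ses->auth_key.response) {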
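--- a/fs/cifs/smb1ops.c
+++ b/fs/cifs/smb1ops.c
@@ -562,16 +562,19 @@
 if ((rc == -EOPNOTSUPP) || (rc == -EINVAL)) {
 rc = SMBQueryInformation(xid, tcon, full_path, &fi, cifs_sb->local_nls,
 cifs_remap(cifs_sb));
-if (!rc)
-move_cifs_info_to_smb2(&data->fi, &fi);
 *adjustTZ = true;
 }
 
-if (!rc && (le32_to_cpu(fi.Attributes) & ATTR_REPARSE)) {
+if (!rc) {
 int tmprc;
 int oplock = 0;
 struct cifs_fid fid;
 struct cifs_open_parms oparms;
+
+move_cifs_info_to_smb2(&data->fi, &fi);
+
+if (!(le32_to_cpu(fi.Attributes) & ATTR_REPARSE))
+return 0;
 
 oparms.tcon = tcon;
 oparms.cifs_sb = cifs_sb;
@@ -716,17 +719,25 @@
 static int cifs_open_file(const unsigned int xid, struct cifs_open_parms *oparms, __u32 *oplock,
 void *buf)
 {
-FILE_ALL_INFO *fi = buf;
+struct cifs_open_info_data *data = buf;
+FILE_ALL_INFO fi = {};
+int rc;
 
 if (!(oparms->tcon->ses->capabilities & CAP_NT_SMBS))
-return SMBLegacyOpen(xid, oparms->tcon, oparms->path,
-oparms->disposition,
-oparms->desired_access,
-oparms->create_options,
-&oparms->fid->netfid, oplock, fi,
-oparms->cifs_sb->local_nls,
-cifs_remap(oparms->cifs_sb));
-return CIFS_open(xid, oparms, oplock, fi);
+rc = SMBLegacyOpen(xid, oparms->tcon, oparms->path,
+oparms->disposition,
+oparms->desired_access,
+oparms->create_options,
+&oparms->fid->netfid, oplock, &fi,
+oparms->cifs_sb->local_nls,
+cifs_remap(oparms->cifs_sb));
+else
+rc = CIFS_open(xid, oparms, oplock, &fi);
+
+if (!rc && data)
+move_cifs_info_to_smb2(&data->fi, &fi);
+
+return rc;
 }
 
 static void
@@ -1050,7 +1061,7 @@
 struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
 struct inode *newinode = NULL;
 int rc = -EPERM;
-FILE_ALL_INFO *buf = NULL;
+struct cifs_open_info_data buf = {};
 struct cifs_io_parms io_parms;
 __u32 oplock = 0;
 struct cifs_fid fid;
@@ -1082,14 +1093,14 @@
 cifs_sb->local_nls,
 cifs_remap(cifs_sb));
 if (rc)
-goto out;
+return rc;
 
 rc = cifs_get_inode_info_unix(&newinode, full_path,
 inode->i_sb, xid);
 
 if (rc == 0)
 d_instantiate(dentry, newinode);
-goto out;
+return rc;
 }
 
 /*
@@ -1097,18 +1108,12 @@
 * support block and char device (no socket & fifo)
 */
 if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UNX_EMUL))
-goto out;
+return rc;
 
 if (!S_ISCHR(mode) && !S_ISBLK(mode))
-goto out;
+return rc;
 
 cifs_dbg(FYI, "sfu compat create special file\n");
-
-buf = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
-if (buf == NULL) {
-rc = -ENOMEM;
-goto out;
-}
 
 oparms.tcon = tcon;
 oparms.cifs_sb = cifs_sb;
@@ -1124,21 +1129,21 @@
 oplock = REQ_OPLOCK;
 else
 oplock = 0;
-rc = tcon->ses->server->ops->open(xid, &oparms, &oplock, buf);
+rc = tcon->ses->server->ops->open(xid, &oparms, &oplock, &buf);
 if (rc)
-goto out;
+return rc;
 
 /*
 * BB Do not bother to decode buf since no local inode yet to put
 * timestamps in, but we can reuse it safely.
 */
 
-pdev = (struct win_dev *)buf;
+pdev = (struct win_dev *)&buf.fi;
 io_parms.pid = current->tgid;
 io_parms.tcon = tcon;
 io_parms.offset = 0;
 io_parms.length = sizeof(struct win_dev);
-iov[1].iov_base = buf;
+iov[1].iov_base = &buf.fi;
 iov[1].iov_len = sizeof(struct win_dev);
 if (S_ISCHR(mode)) {
 memcpy(pdev->type, "IntxCHR", 8);
@@ -1157,8 +1162,8 @@
 d_drop(dentry);
 
 /* FIXME: add code here to set EAs */
-out:
-kfree(buf);
+
+cifs_free_open_info(&buf);
 return rc;
 }
 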
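Review bot: `cifs_open_file()` now treats its `void *buf` as `struct cifs_open_info_data *` where it used to be `FILE_ALL_INFO *`, and the compiler cannot catch a caller that still passes the old type; `move_cifs_info_to_smb2(&data->fi, &fi)` would then write through the wrong layout. Only the caller that declares `struct cifs_open_info_data buf = {};` is updated in this section, so the other users of the `open` op have to be checked outside this diff. A kernel-doc line on the function would pin the contract, e.g. `@buf: struct cifs_open_info_data to fill on success, or NULL`. In the later hunk, `pdev = (struct win_dev *)&buf.fi` reuses `buf.fi` as the write buffer, which relies on `sizeof(struct win_dev)` not exceeding `sizeof(buf.fi)`; a `BUILD_BUG_ON()` next to the cast would make that assumption explicit.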
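--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1453,6 +1453,7 @@
 
 /* keep session key if binding */
 if (!is_binding) {
+kfree_sensitive(ses->auth_key.response);
 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
 GFP_KERNEL);
 if (!ses->auth_key.response) {
@@ -1482,8 +1483,11 @@
 out_put_spnego_key:
 key_invalidate(spnego_key);
 key_put(spnego_key);
-if (rc)
+if (rc) {
 kfree_sensitive(ses->auth_key.response);
+ses->auth_key.response = NULL;
+ses->auth_key.len = 0;
+}
 out:
 sess_data->result = rc;
 sess_data->func = NULL;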
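Review bot: The cleanup under `out_put_spnego_key:` frees and clears `ses->auth_key` on any non-zero `rc`, but the key is only replaced when `!is_binding`, as the `/* keep session key if binding */` comment in the first hunk says. If a failed channel bind can reach this label, the error path discards the key of the already established session; the code between the two hunks is not shown, so this needs confirming. If the key is meant to survive a failed bind, the guard would be `if (rc && !is_binding) {`; otherwise a comment stating that dropping it is deliberate would help the next reader. The function starts and ends outside both hunks.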