Commit a29967be authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'v6.14-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 

Pull smb client fixes from Steve French:
 "Six smb3 client fixes, all also for stable"

* tag 'v6.14-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  smb: client: Fix match_session bug preventing session reuse
  cifs: Fix integer overflow while processing closetimeo mount option
  cifs: Fix integer overflow while processing actimeo mount option
  cifs: Fix integer overflow while processing acdirmax mount option
  cifs: Fix integer overflow while processing acregmax mount option
  smb: client: fix regression with guest option
parents 85ac31fe 605b249e

fs/smb/client/connect.c

+12 −4
Original line number Diff line number Diff line
@@ -1825,9 +1825,8 @@ static int match_session(struct cifs_ses *ses, 
			 struct smb3_fs_context *ctx,

			 bool match_super)

{

	if (ctx->sectype != Unspecified &&

	    ctx->sectype != ses->sectype)

		return 0;

	struct TCP_Server_Info *server = ses->server;

	enum securityEnum ctx_sec, ses_sec;



	if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses)

		return 0;
@@ -1839,11 +1838,20 @@ static int match_session(struct cifs_ses *ses, 
	if (ses->chan_max < ctx->max_channels)

		return 0;



	switch (ses->sectype) {

	ctx_sec = server->ops->select_sectype(server, ctx->sectype);

	ses_sec = server->ops->select_sectype(server, ses->sectype);



	if (ctx_sec != ses_sec)

		return 0;



	switch (ctx_sec) {

	case IAKerb:

	case Kerberos:

		if (!uid_eq(ctx->cred_uid, ses->cred_uid))

			return 0;

		break;

	case NTLMv2:

	case RawNTLMSSP:

	default:

		/* NULL username means anonymous session */

		if (ses->user_name == NULL) {

fs/smb/client/fs_context.c

+11 −7
Original line number Diff line number Diff line
@@ -171,6 +171,7 @@ const struct fs_parameter_spec smb3_fs_parameters[] = { 
	fsparam_string("username", Opt_user),

	fsparam_string("pass", Opt_pass),

	fsparam_string("password", Opt_pass),

	fsparam_string("pass2", Opt_pass2),

	fsparam_string("password2", Opt_pass2),

	fsparam_string("ip", Opt_ip),

	fsparam_string("addr", Opt_ip),
@@ -1131,6 +1132,9 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, 
		} else if (!strcmp("user", param->key) || !strcmp("username", param->key)) {

			skip_parsing = true;

			opt = Opt_user;

		} else if (!strcmp("pass2", param->key) || !strcmp("password2", param->key)) {

			skip_parsing = true;

			opt = Opt_pass2;

		}

	}
@@ -1340,21 +1344,21 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, 
		}

		break;

	case Opt_acregmax:

		ctx->acregmax = HZ * result.uint_32;

		if (ctx->acregmax > CIFS_MAX_ACTIMEO) {

		if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {

			cifs_errorf(fc, "acregmax too large\n");

			goto cifs_parse_mount_err;

		}

		ctx->acregmax = HZ * result.uint_32;

		break;

	case Opt_acdirmax:

		ctx->acdirmax = HZ * result.uint_32;

		if (ctx->acdirmax > CIFS_MAX_ACTIMEO) {

		if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {

			cifs_errorf(fc, "acdirmax too large\n");

			goto cifs_parse_mount_err;

		}

		ctx->acdirmax = HZ * result.uint_32;

		break;

	case Opt_actimeo:

		if (HZ * result.uint_32 > CIFS_MAX_ACTIMEO) {

		if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {

			cifs_errorf(fc, "timeout too large\n");

			goto cifs_parse_mount_err;

		}
@@ -1366,11 +1370,11 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, 
		ctx->acdirmax = ctx->acregmax = HZ * result.uint_32;

		break;

	case Opt_closetimeo:

		ctx->closetimeo = HZ * result.uint_32;

		if (ctx->closetimeo > SMB3_MAX_DCLOSETIMEO) {

		if (result.uint_32 > SMB3_MAX_DCLOSETIMEO / HZ) {

			cifs_errorf(fc, "closetimeo too large\n");

			goto cifs_parse_mount_err;

		}

		ctx->closetimeo = HZ * result.uint_32;

		break;

	case Opt_echo_interval:

		ctx->echo_interval = result.uint_32;