cifs: replace various strncpy with strscpy and similar
Using strscpy is cleaner, and avoids some problems with handling maximum length strings. Linus noticed the original problem and Aurelien pointed out some additional problems. Fortunately most of this is SMB1 code (and in particular the older ASCII string handling, which is less common). Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Aurelien Aptel <aaptel@suse.com> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com>

committed by
Steve French

parent
478228e57f
commit
340625e618
@@ -159,13 +159,16 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
|
||||
const struct nls_table *nls_cp)
|
||||
{
|
||||
char *bcc_ptr = *pbcc_area;
|
||||
int len;
|
||||
|
||||
/* copy user */
|
||||
/* BB what about null user mounts - check that we do this BB */
|
||||
/* copy user */
|
||||
if (ses->user_name != NULL) {
|
||||
strncpy(bcc_ptr, ses->user_name, CIFS_MAX_USERNAME_LEN);
|
||||
bcc_ptr += strnlen(ses->user_name, CIFS_MAX_USERNAME_LEN);
|
||||
len = strscpy(bcc_ptr, ses->user_name, CIFS_MAX_USERNAME_LEN);
|
||||
if (WARN_ON_ONCE(len < 0))
|
||||
len = CIFS_MAX_USERNAME_LEN - 1;
|
||||
bcc_ptr += len;
|
||||
}
|
||||
/* else null user mount */
|
||||
*bcc_ptr = 0;
|
||||
@@ -173,8 +176,10 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
|
||||
|
||||
/* copy domain */
|
||||
if (ses->domainName != NULL) {
|
||||
strncpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
|
||||
bcc_ptr += strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
|
||||
len = strscpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
|
||||
if (WARN_ON_ONCE(len < 0))
|
||||
len = CIFS_MAX_DOMAINNAME_LEN - 1;
|
||||
bcc_ptr += len;
|
||||
} /* else we will send a null domain name
|
||||
so the server will default to its own domain */
|
||||
*bcc_ptr = 0;
|
||||
@@ -242,9 +247,10 @@ static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
|
||||
|
||||
kfree(ses->serverOS);
|
||||
|
||||
ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
|
||||
ses->serverOS = kmalloc(len + 1, GFP_KERNEL);
|
||||
if (ses->serverOS) {
|
||||
strncpy(ses->serverOS, bcc_ptr, len);
|
||||
memcpy(ses->serverOS, bcc_ptr, len);
|
||||
ses->serverOS[len] = 0;
|
||||
if (strncmp(ses->serverOS, "OS/2", 4) == 0)
|
||||
cifs_dbg(FYI, "OS/2 server\n");
|
||||
}
|
||||
@@ -258,9 +264,11 @@ static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
|
||||
|
||||
kfree(ses->serverNOS);
|
||||
|
||||
ses->serverNOS = kzalloc(len + 1, GFP_KERNEL);
|
||||
if (ses->serverNOS)
|
||||
strncpy(ses->serverNOS, bcc_ptr, len);
|
||||
ses->serverNOS = kmalloc(len + 1, GFP_KERNEL);
|
||||
if (ses->serverNOS) {
|
||||
memcpy(ses->serverNOS, bcc_ptr, len);
|
||||
ses->serverNOS[len] = 0;
|
||||
}
|
||||
|
||||
bcc_ptr += len + 1;
|
||||
bleft -= len + 1;
|
||||
|
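Review bot: In ascii_ssetup_strings the size passed to `strscpy` for the user name, and again for the domain name, is the field maximum (`CIFS_MAX_USERNAME_LEN`, `CIFS_MAX_DOMAINNAME_LEN`) rather than the room left behind `*pbcc_area`, so the call bounds how much is read from the source and says nothing about the destination. The part of the signature visible here carries no remaining-length argument, so the guarantee has to come from how the caller sizes the request buffer, which is outside these hunks; it should be stated at the top of the function, e.g. `/* caller must leave room for CIFS_MAX_USERNAME_LEN + CIFS_MAX_DOMAINNAME_LEN bytes plus terminators at *pbcc_area */`. The truncation branch also sends a shortened name after `WARN_ON_ONCE(len < 0)`. If the mount-option validation (not shown) already rejects names that long, the branch is dead and a comment should say so. Otherwise a WARN reachable from mount input is unwelcome on hosts running with panic_on_warn, and a `cifs_dbg(VFS, ...)` message would report the same condition without that side effect.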