cifs: replace various strncpy with strscpy and similar

Using strscpy is cleaner, and avoids some problems with
handling maximum length strings.  Linus noticed the
original problem and Aurelien pointed out some additional
problems. Fortunately most of this is SMB1 code (and
in particular the older ASCII string handling, which
is less common).

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Ronnie Sahlberg
2019-08-27 09:30:14 +10:00
committed by Steve French
parent 478228e57f
commit 340625e618
6 changed files with 112 additions and 146 deletions


@@ -159,13 +159,16 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
const struct nls_table *nls_cp)
{
char *bcc_ptr = *pbcc_area;
int len;
/* copy user */
/* BB what about null user mounts - check that we do this BB */
/* copy user */
if (ses->user_name != NULL) {
strncpy(bcc_ptr, ses->user_name, CIFS_MAX_USERNAME_LEN);
bcc_ptr += strnlen(ses->user_name, CIFS_MAX_USERNAME_LEN);
len = strscpy(bcc_ptr, ses->user_name, CIFS_MAX_USERNAME_LEN);
if (WARN_ON_ONCE(len < 0))
len = CIFS_MAX_USERNAME_LEN - 1;
bcc_ptr += len;
}
/* else null user mount */
*bcc_ptr = 0;
@@ -173,8 +176,10 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
/* copy domain */
if (ses->domainName != NULL) {
strncpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
bcc_ptr += strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
len = strscpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
if (WARN_ON_ONCE(len < 0))
len = CIFS_MAX_DOMAINNAME_LEN - 1;
bcc_ptr += len;
} /* else we will send a null domain name
so the server will default to its own domain */
*bcc_ptr = 0;
@@ -242,9 +247,10 @@ static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
kfree(ses->serverOS);
ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
ses->serverOS = kmalloc(len + 1, GFP_KERNEL);
if (ses->serverOS) {
strncpy(ses->serverOS, bcc_ptr, len);
memcpy(ses->serverOS, bcc_ptr, len);
ses->serverOS[len] = 0;
if (strncmp(ses->serverOS, "OS/2", 4) == 0)
cifs_dbg(FYI, "OS/2 server\n");
}
@@ -258,9 +264,11 @@ static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
kfree(ses->serverNOS);
ses->serverNOS = kzalloc(len + 1, GFP_KERNEL);
if (ses->serverNOS)
strncpy(ses->serverNOS, bcc_ptr, len);
ses->serverNOS = kmalloc(len + 1, GFP_KERNEL);
if (ses->serverNOS) {
memcpy(ses->serverNOS, bcc_ptr, len);
ses->serverNOS[len] = 0;
}
bcc_ptr += len + 1;
bleft -= len + 1;