update 3.2 up to v3.2.98

4f75e546 · Vitaly Lipatov · dcdfaeb3 · 4f75e546 · 4f75e546 · 4f75e546
Commit 4f75e546 authored Feb 08, 2018 by Vitaly Lipatov
Showing with 95 additions and 57 deletions

cifssmb.c sources/3.2/cifssmb.c +15 -12

dir.c sources/3.2/dir.c +8 -0

inode.c sources/3.2/inode.c +2 -2

netmisc.c sources/3.2/netmisc.c +3 -3

sess.c sources/3.2/sess.c +67 -40

No files found.
--- a/sources/3.2/cifssmb.c
+++ b/sources/3.2/cifssmb.c
@@ -764,6 +764,9 @@ CIFSSMBEcho(struct TCP_Server_Info *server)
 	if (rc)
 		return rc;
+	if (server->capabilities & CAP_UNICODE)
+		smb->hdr.Flags2 |= SMBFLG2_UNICODE;
 	/* set up echo request */
 	smb->hdr.Tid = 0xffff;
 	smb->hdr.WordCount = 1;
@@ -3913,13 +3916,12 @@ CIFSSMBSetCIFSACL(const int xid, struct cifs_tcon *tcon, __u16 fid,
 	int rc = 0;
 	int bytes_returned = 0;
 	SET_SEC_DESC_REQ *pSMB = NULL;
-	NTRANSACT_RSP *pSMBr = NULL;
+	void *pSMBr;
 setCifsAclRetry:
-	rc = smb_init(SMB_COM_NT_TRANSACT, 19, tcon, (void **) &pSMB,
+	rc = smb_init(SMB_COM_NT_TRANSACT, 19, tcon, (void **) &pSMB, &pSMBr);
-			(void **) &pSMBr);
 	if (rc)
-			return (rc);
+		return rc;
 	pSMB->MaxSetupCount = 0;
 	pSMB->Reserved = 0;
@@ -3947,9 +3949,8 @@ setCifsAclRetry:
 	pSMB->AclFlags = cpu_to_le32(aclflag);
 	if (pntsd && acllen) {
-		memcpy((char *) &pSMBr->hdr.Protocol + data_offset,
+		memcpy((char *)pSMBr + offsetof(struct smb_hdr, Protocol) +
-			(char *) pntsd,
+				data_offset, pntsd, acllen);
-			acllen);
 		inc_rfc1001_len(pSMB, byte_count + data_count);
 	} else
 		inc_rfc1001_len(pSMB, byte_count);
@@ -5728,7 +5729,8 @@ CIFSSMBSetFileInfo(const int xid, struct cifs_tcon *tcon,
 	param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4;
 	offset = param_offset + params;
-	data_offset = (char *) (&pSMB->hdr.Protocol) + offset;
+	data_offset = (char *)pSMB +
+			offsetof(struct smb_hdr, Protocol) + offset;
 	count = sizeof(FILE_BASIC_INFO);
 	pSMB->MaxParameterCount = cpu_to_le16(2);
@@ -5997,7 +5999,7 @@ CIFSSMBUnixSetFileInfo(const int xid, struct cifs_tcon *tcon,
 		       u16 fid, u32 pid_of_opener)
 {
 	struct smb_com_transaction2_sfi_req *pSMB  = NULL;
-	FILE_UNIX_BASIC_INFO *data_offset;
+	char *data_offset;
 	int rc = 0;
 	u16 params, param_offset, offset, byte_count, count;
@@ -6019,8 +6021,9 @@ CIFSSMBUnixSetFileInfo(const int xid, struct cifs_tcon *tcon,
 	param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4;
 	offset = param_offset + params;
-	data_offset = (FILE_UNIX_BASIC_INFO *)
+	data_offset = (char *)pSMB +
-				((char *)(&pSMB->hdr.Protocol) + offset);
+			offsetof(struct smb_hdr, Protocol) + offset;
 	count = sizeof(FILE_UNIX_BASIC_INFO);
 	pSMB->MaxParameterCount = cpu_to_le16(2);
@@ -6042,7 +6045,7 @@ CIFSSMBUnixSetFileInfo(const int xid, struct cifs_tcon *tcon,
 	inc_rfc1001_len(pSMB, byte_count);
 	pSMB->ByteCount = cpu_to_le16(byte_count);
-	cifs_fill_unix_set_info(data_offset, args);
+	cifs_fill_unix_set_info((FILE_UNIX_BASIC_INFO *)data_offset, args);
 	rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0);
 	if (rc)

--- a/sources/3.2/dir.c
+++ b/sources/3.2/dir.c
@@ -523,6 +523,14 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry,
 	oplock = pTcon->ses->server->oplocks ? REQ_OPLOCK : 0;
+	/* Don't allow path components longer than the server max. */
+	if (unlikely(pTcon->fsAttrInfo.MaxPathNameComponentLength &&
+		     direntry->d_name.len >
+		     le32_to_cpu(pTcon->fsAttrInfo.MaxPathNameComponentLength))) {
+		rc = -ENAMETOOLONG;
+		goto lookup_out;
+	}
 	/*
 	 * Don't allow the separator character in a path component.
 	 * The VFS will not allow "/", but "\" is allowed by posix.

--- a/sources/3.2/inode.c
+++ b/sources/3.2/inode.c
@@ -1948,7 +1948,7 @@ cifs_setattr_unix(struct dentry *direntry, struct iattr *attrs)
 	if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM)
 		attrs->ia_valid |= ATTR_FORCE;
-	rc = inode_change_ok(inode, attrs);
+	rc = setattr_prepare(direntry, attrs);
 	if (rc < 0)
 		goto out;
@@ -2089,7 +2089,7 @@ cifs_setattr_nounix(struct dentry *direntry, struct iattr *attrs)
 	if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM)
 		attrs->ia_valid |= ATTR_FORCE;
-	rc = inode_change_ok(inode, attrs);
+	rc = setattr_prepare(direntry, attrs);
 	if (rc < 0) {
 		FreeXid(xid);
 		return rc;

--- a/sources/3.2/netmisc.c
+++ b/sources/3.2/netmisc.c
@@ -974,10 +974,10 @@ struct timespec cnvrtDosUnixTm(__le16 le_date, __le16 le_time, int offset)
 		cERROR(1, "illegal hours %d", st->Hours);
 	days = sd->Day;
 	month = sd->Month;
-	if ((days > 31) || (month > 12)) {
+	if (days < 1 || days > 31 || month < 1 || month > 12) {
 		cERROR(1, "illegal date, month %d day: %d", month, days);
-		if (month > 12)
+		days = clamp(days, 1, 31);
-			month = 12;
+		month = clamp(month, 1, 12);
 	}
 	month -= 1;
 	days += total_days_of_prev_months[month];

--- a/sources/3.2/sess.c
+++ b/sources/3.2/sess.c
@@ -444,19 +444,43 @@ static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
 	sec_blob->DomainName.MaximumLength = 0;
 }
-/* We do not malloc the blob, it is passed in pbuffer, because its
+static int size_of_ntlmssp_blob(struct cifs_ses *ses)
-   maximum possible size is fixed and small, making this approach cleaner.
+{
-   This function returns the length of the data in the blob */
+	int sz = sizeof(AUTHENTICATE_MESSAGE) + ses->auth_key.len
-static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
+		- CIFS_SESS_KEY_SIZE + CIFS_CPHTXT_SIZE + 2;
+	if (ses->domainName)
+		sz += 2 * strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
+	else
+		sz += 2;
+	if (ses->user_name)
+		sz += 2 * strnlen(ses->user_name, MAX_USERNAME_SIZE);
+	else
+		sz += 2;
+	return sz;
+}
+static int build_ntlmssp_auth_blob(unsigned char **pbuffer,
 					u16 *buflen,
 				   struct cifs_ses *ses,
 				   const struct nls_table *nls_cp)
 {
 	int rc;
-	AUTHENTICATE_MESSAGE *sec_blob = (AUTHENTICATE_MESSAGE *)pbuffer;
+	AUTHENTICATE_MESSAGE *sec_blob;
 	__u32 flags;
 	unsigned char *tmp;
+	rc = setup_ntlmv2_rsp(ses, nls_cp);
+	if (rc) {
+		cERROR(1, "Error %d during NTLMSSP authentication", rc);
+		*buflen = 0;
+		goto setup_ntlmv2_ret;
+	}
+	*pbuffer = kmalloc(size_of_ntlmssp_blob(ses), GFP_KERNEL);
+	sec_blob = (AUTHENTICATE_MESSAGE *)*pbuffer;
 	memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
 	sec_blob->MessageType = NtLmAuthenticate;
@@ -471,7 +495,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
 			flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
 	}
-	tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE);
+	tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
 	sec_blob->NegotiateFlags = cpu_to_le32(flags);
 	sec_blob->LmChallengeResponse.BufferOffset =
@@ -479,12 +503,9 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
 	sec_blob->LmChallengeResponse.Length = 0;
 	sec_blob->LmChallengeResponse.MaximumLength = 0;
-	sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - pbuffer);
+	sec_blob->NtChallengeResponse.BufferOffset =
-	rc = setup_ntlmv2_rsp(ses, nls_cp);
+				cpu_to_le32(tmp - *pbuffer);
-	if (rc) {
+	if (ses->user_name != NULL) {
-		cERROR(1, "Error %d during NTLMSSP authentication", rc);
-		goto setup_ntlmv2_ret;
-	}
 		memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
 				ses->auth_key.len - CIFS_SESS_KEY_SIZE);
 		tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
@@ -493,9 +514,16 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
 				cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
 		sec_blob->NtChallengeResponse.MaximumLength =
 				cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
+	} else {
+		/*
+		 * don't send an NT Response for anonymous access
+		 */
+		sec_blob->NtChallengeResponse.Length = 0;
+		sec_blob->NtChallengeResponse.MaximumLength = 0;
+	}
 	if (ses->domainName == NULL) {
-		sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
+		sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
 		sec_blob->DomainName.Length = 0;
 		sec_blob->DomainName.MaximumLength = 0;
 		tmp += 2;
@@ -504,14 +532,14 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
 		len = cifs_strtoUCS((__le16 *)tmp, ses->domainName,
 				    MAX_USERNAME_SIZE, nls_cp);
 		len *= 2; /* unicode is 2 bytes each */
-		sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
+		sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
 		sec_blob->DomainName.Length = cpu_to_le16(len);
 		sec_blob->DomainName.MaximumLength = cpu_to_le16(len);
 		tmp += len;
 	}
 	if (ses->user_name == NULL) {
-		sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
+		sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
 		sec_blob->UserName.Length = 0;
 		sec_blob->UserName.MaximumLength = 0;
 		tmp += 2;
@@ -520,13 +548,13 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
 		len = cifs_strtoUCS((__le16 *)tmp, ses->user_name,
 				    MAX_USERNAME_SIZE, nls_cp);
 		len *= 2; /* unicode is 2 bytes each */
-		sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
+		sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
 		sec_blob->UserName.Length = cpu_to_le16(len);
 		sec_blob->UserName.MaximumLength = cpu_to_le16(len);
 		tmp += len;
 	}
-	sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - pbuffer);
+	sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
 	sec_blob->WorkstationName.Length = 0;
 	sec_blob->WorkstationName.MaximumLength = 0;
 	tmp += 2;
@@ -535,19 +563,19 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
 		(ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
 			&& !calc_seckey(ses)) {
 		memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
-		sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
+		sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
 		sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
 		sec_blob->SessionKey.MaximumLength =
 				cpu_to_le16(CIFS_CPHTXT_SIZE);
 		tmp += CIFS_CPHTXT_SIZE;
 	} else {
-		sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
+		sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
 		sec_blob->SessionKey.Length = 0;
 		sec_blob->SessionKey.MaximumLength = 0;
 	}
+	*buflen = tmp - *pbuffer;
 setup_ntlmv2_ret:
-	*buflen = tmp - pbuffer;
 	return rc;
 }
@@ -570,7 +598,7 @@ CIFS_SessSetup(unsigned int xid, struct cifs_ses *ses,
 	struct key *spnego_key = NULL;
 	__le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
 	u16 blob_len;
-	char *ntlmsspblob = NULL;
+	unsigned char *ntlmsspblob = NULL;
 	if (ses == NULL)
 		return -EINVAL;
@@ -647,8 +675,8 @@ ssetup_ntlmssp_authenticate:
 		pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
+		if (ses->user_name != NULL) {
 			/* no capabilities flags in old lanman negotiation */
 			pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
 			/* Calculate hash with password and copy into bcc_ptr.
@@ -656,14 +684,16 @@ ssetup_ntlmssp_authenticate:
 			 * security mode bit in Negottiate Protocol response states
 			 * to use challenge/response method (i.e. Password bit is 1).
 			 */
 			rc = calc_lanman_hash(ses->password, ses->server->cryptkey,
 					      ses->server->sec_mode & SECMODE_PW_ENCRYPT ?
 					      true : false, lnm_session_key);
-		ses->flags |= CIFS_SES_LANMAN;
 			memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);
 			bcc_ptr += CIFS_AUTH_RESP_SIZE;
+		} else {
+			pSMB->old_req.PasswordLength = 0;
+		}
+		ses->flags |= CIFS_SES_LANMAN;
 		/* can not sign if LANMAN negotiated so no need
 		to calculate signing key? but what if server
@@ -676,6 +706,7 @@ ssetup_ntlmssp_authenticate:
 #endif
 	} else if (type == NTLM) {
 		pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
+		if (ses->user_name != NULL) {
 			pSMB->req_no_secext.CaseInsensitivePasswordLength =
 					cpu_to_le16(CIFS_AUTH_RESP_SIZE);
 			pSMB->req_no_secext.CaseSensitivePasswordLength =
@@ -684,7 +715,8 @@ ssetup_ntlmssp_authenticate:
 			/* calculate ntlm response and session key */
 			rc = setup_ntlm_response(ses, nls_cp);
 			if (rc) {
-			cERROR(1, "Error %d during NTLM authentication", rc);
+				cERROR(1, "Error %d during NTLM authentication",
+						 rc);
 				goto ssetup_exit;
 			}
@@ -695,6 +727,10 @@ ssetup_ntlmssp_authenticate:
 			memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
 					CIFS_AUTH_RESP_SIZE);
 			bcc_ptr += CIFS_AUTH_RESP_SIZE;
+		} else {
+			pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
+			pSMB->req_no_secext.CaseSensitivePasswordLength = 0;
+		}
 		if (ses->capabilities & CAP_UNICODE) {
 			/* unicode strings must be word aligned */
@@ -711,12 +747,14 @@ ssetup_ntlmssp_authenticate:
 		/* LM2 password would be here if we supported it */
 		pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
+		if (ses->user_name != NULL) {
 			/* calculate nlmv2 response and session key */
 			rc = setup_ntlmv2_rsp(ses, nls_cp);
 			if (rc) {
 				cERROR(1, "Error %d during NTLMv2 authentication", rc);
 				goto ssetup_exit;
 			}
 			memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
 					ses->auth_key.len - CIFS_SESS_KEY_SIZE);
 			bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
@@ -726,6 +764,9 @@ ssetup_ntlmssp_authenticate:
 			 */
 			pSMB->req_no_secext.CaseSensitivePasswordLength =
 				cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
+		} else {
+			pSMB->req_no_secext.CaseSensitivePasswordLength = 0;
+		}
 		if (ses->capabilities & CAP_UNICODE) {
 			if (iov[0].iov_len % 2) {
@@ -811,21 +852,7 @@ ssetup_ntlmssp_authenticate:
 				cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
 			break;
 		case NtLmAuthenticate:
-			/*
+			rc = build_ntlmssp_auth_blob(&ntlmsspblob,
-			 * 5 is an empirical value, large enough to hold
-			 * authenticate message plus max 10 of av paris,
-			 * domain, user, workstation names, flags, etc.
-			 */
-			ntlmsspblob = kzalloc(
-				5*sizeof(struct _AUTHENTICATE_MESSAGE),
-				GFP_KERNEL);
-			if (!ntlmsspblob) {
-				cERROR(1, "Can't allocate NTLMSSP blob");
-				rc = -ENOMEM;
-				goto ssetup_exit;
-			}
-			rc = build_ntlmssp_auth_blob(ntlmsspblob,
 						&blob_len, ses, nls_cp);
 			if (rc)
 				goto ssetup_exit;