From patchwork Fri Oct 19 19:59:45 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 1619551
From: Jeff Layton
To: smfrench@gmail.com
Cc: linux-cifs@vger.kernel.org, shirishpargaonkar@gmail.com
Subject: [PATCH 3/3] cifs: deal with id_to_sid embedded sid reply corner case
Date: Fri, 19 Oct 2012 15:59:45 -0400
Message-Id: <1350676785-8525-4-git-send-email-jlayton@redhat.com>
X-Mailer: git-send-email 1.7.11.7
In-Reply-To: <1350676785-8525-1-git-send-email-jlayton@redhat.com>
References: <1350676785-8525-1-git-send-email-jlayton@redhat.com>
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-cifs@vger.kernel.org

A SID could potentially be embedded inside of payload.value if there are
no subauthorities, and the arch has 8 byte pointers. Allow for that
possibility there.

While we're at it, rephrase the "embedding" check in terms of
key->payload to allow for the possibility that the union might change
size in the future.

Signed-off-by: Jeff Layton
--- fs/cifs/cifsacl.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 664abc3..bbe7928 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c @@ -63,7 +63,7 @@ cifs_idmap_key_instantiate(struct key *key, struct key_preparsed_payload *prep) * With this however, you must check the datalen before trying to * dereference payload.data! */ - if (prep->datalen <= sizeof(void *)) { + if (prep->datalen <= sizeof(key->payload)) { key->payload.value = 0; memcpy(&key->payload.value, prep->data, prep->datalen); key->datalen = prep->datalen; @@ -82,7 +82,7 @@ cifs_idmap_key_instantiate(struct key *key, struct key_preparsed_payload *prep) static inline void cifs_idmap_key_destroy(struct key *key) { - if (key->datalen > sizeof(void *)) + if (key->datalen > sizeof(key->payload)) kfree(key->payload.data); } 
@@ -222,7 +222,15 @@ id_to_sid(unsigned int cid, uint sidtype, struct cifs_sid *ssid) goto invalidate_key; } - ksid = (struct cifs_sid *)sidkey->payload.data; + /* + * A sid is usually too large to be embedded in payload.value, but if + * there are no subauthorities and the host has 8-byte pointers, then + * it could be. + */ + ksid = sidkey->datalen <= sizeof(sidkey->payload) ? + (struct cifs_sid *)&sidkey->payload.value : + (struct cifs_sid *)sidkey->payload.data; + ksid_size = CIFS_SID_BASE_SIZE + (ksid->num_subauth * sizeof(__le32)); if (ksid_size > sidkey->datalen) { rc = -EIO; @@ -230,6 +238,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct cifs_sid *ssid) "ksid_size=%u)", __func__, sidkey->datalen, ksid_size); goto invalidate_key; } + cifs_copy_sid(ssid, ksid); key_set_timeout(sidkey, cifs_idmap_cache_timeout); out_key_put:
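
Review bot: in the first hunk (cifs_idmap_key_instantiate) the bound becomes sizeof(key->payload), but the two lines after it still clear and fill only the value member: "key->payload.value = 0;" and "memcpy(&key->payload.value, prep->data, prep->datalen);". The check and the copy agree only while value is as large as the union. If the union grows, which is the case the commit message wants to allow for, a datalen that passes the check would be copied past value into bytes that were never zeroed. Suggest clearing and copying against the union itself (memset over sizeof(key->payload), memcpy to &key->payload) so the size in the test and the size of the destination are the same expression.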
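
Review bot: the kfree() guard in the second hunk (cifs_idmap_key_destroy) has to be the exact complement of the embed test in cifs_idmap_key_instantiate, and with this patch the same comparison against sizeof(key->payload) is open-coded in three places: instantiate, destroy and id_to_sid. If one of them drifts, destroy either passes embedded bytes to kfree() or leaks the allocation. A small static inline helper that takes a length and answers "is this payload embedded?", used at all three sites, would keep them in step and give the invariant one place to be documented.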
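
Review bot: in the id_to_sid hunk, ksid->num_subauth is read to compute ksid_size before anything in the hunk confirms that sidkey->datalen covers the fixed part of a SID; the "ksid_size > sidkey->datalen" test only runs after that read. On the embedded path the read is safe only because instantiate zeroes payload.value before copying, which is a dependency on another function that the new comment does not mention. Suggest rejecting sidkey->datalen < CIFS_SID_BASE_SIZE with "rc = -EIO; goto invalidate_key;" before ksid is dereferenced, and extending the comment to say that the ternary mirrors the test in cifs_idmap_key_instantiate.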