X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 4231291
From: Jeff Layton
To: smfrench@gmail.com
Cc: linux-cifs@vger.kernel.org, Dan Carpenter
Subject: [PATCH] cifs: ensure that vol->username is not NULL before running strlen on it
Date: Fri, 23 May 2014 06:53:10 -0400
Message-Id: <1400842390-13488-1-git-send-email-jlayton@poochiereds.net>

Dan Carpenter says:

The patch 04febabcf55b: "cifs: sanitize username handling" from Jan 17,
2012, leads to the following static checker warning:

    fs/cifs/connect.c:2231 match_session()
    error: we previously assumed 'vol->username' could be null (see line 2228)

fs/cifs/connect.c
  2219          /* NULL username means anonymous session */
  2220          if (ses->user_name == NULL) {
  2221                  if (!vol->nullauth)
  2222                          return 0;
  2223                  break;
  2224          }
  2225
  2226          /* anything else takes username/password */
  2227          if (strncmp(ses->user_name,
  2228                      vol->username ? vol->username : "",
                            ^^^^^^^^^^^^^
We added this check for vol->username here.

  2229                      CIFS_MAX_USERNAME_LEN))
  2230                  return 0;
  2231          if (strlen(vol->username) != 0 &&
                           ^^^^^^^^^^^^^
But this dereference is not checked.

  2232              ses->password != NULL &&
  2233              strncmp(ses->password,
  2234                      vol->password ? vol->password : "",
  2235                      CIFS_MAX_PASSWORD_LEN))
  2236                  return 0;

...fix this by ensuring that vol->username is not NULL before running strlen
on it.

Signed-off-by: Jeff Layton Reported-by: Dan Carpenter --- fs/cifs/connect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 8b8fe9b373f2..20d75b8ddb26 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -2228,7 +2228,7 @@ static int match_session(struct cifs_ses *ses, struct smb_vol *vol) vol->username ? vol->username : "", CIFS_MAX_USERNAME_LEN)) return 0; - if (strlen(vol->username) != 0 && + if ((vol->username && strlen(vol->username) != 0) && ses->password != NULL && strncmp(ses->password, vol->password ? vol->password : "",
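
Review bot: in the changed condition in match_session(), the inner parentheses around `vol->username && strlen(vol->username) != 0` are redundant, because every clause of that `if` is joined with `&&`; `if (vol->username && strlen(vol->username) != 0 &&` reads more simply, and testing `vol->username[0] != '\0'` would avoid walking the whole string only to learn whether it is empty. The strncmp() in the context lines above already treats a NULL vol->username as "", so skipping the password comparison when the pointer is NULL matches what happens today for an empty username; a one-line comment stating that a NULL or empty username deliberately bypasses the password check would make the intent clear to the next reader.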