Commit b35ad63e authored by Linus Torvalds's avatar Linus Torvalds

Merge tag '6.2-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:

 - memory leak and double free fix

 - two symlink fixes

 - minor cleanup fix

 - two smb1 fixes

* tag '6.2-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: Fix uninitialized memory read for smb311 posix symlink create
  cifs: fix potential memory leaks in session setup
  cifs: do not query ifaces on smb1 mounts
  cifs: fix double free on failed kerberos auth
  cifs: remove redundant assignment to the variable match
  cifs: fix file info setting in cifs_open_file()
  cifs: fix file info setting in cifs_query_path_info()
parents 8e768130 a152d05a
+1 −0
@@ -278,6 +278,7 @@ build_avpair_blob(struct cifs_ses *ses, const struct nls_table *nls_cp)
	 * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
	 * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
	 * unicode length of a netbios domain name
	 * unicode length of a netbios domain name
	 */
	 */
	kfree_sensitive(ses->auth_key.response);
	ses->auth_key.len = size + 2 * dlen;
	ses->auth_key.len = size + 2 * dlen;
	ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
	ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
	if (!ses->auth_key.response) {
	if (!ses->auth_key.response) {
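Review bot: In build_avpair_blob, `ses->auth_key.len` is assigned before the `kzalloc()` result is checked, so after the added `kfree_sensitive()` a failed allocation can leave the session with a non-zero length and a NULL `response`. The failure branch opens on the last visible line and its body is outside the hunk; if it does not already do so, it should reset the length with `ses->auth_key.len = 0;` so that later users of the key never trust a length that has no buffer behind it. The same free-then-reallocate pattern is added in decode_ntlmssp_challenge and sess_auth_kerberos, whose error paths are also cut off and deserve the same check.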
+6 −3
@@ -2606,11 +2606,14 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb3_fs_context *ctx)
	INIT_LIST_HEAD(&tcon->pending_opens);
	INIT_LIST_HEAD(&tcon->pending_opens);
	tcon->status = TID_GOOD;
	tcon->status = TID_GOOD;


	/* schedule query interfaces poll */
	INIT_DELAYED_WORK(&tcon->query_interfaces,
	INIT_DELAYED_WORK(&tcon->query_interfaces,
			  smb2_query_server_interfaces);
			  smb2_query_server_interfaces);
	if (ses->server->dialect >= SMB30_PROT_ID &&
	    (ses->server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) {
		/* schedule query interfaces poll */
		queue_delayed_work(cifsiod_wq, &tcon->query_interfaces,
		queue_delayed_work(cifsiod_wq, &tcon->query_interfaces,
				   (SMB_INTERFACE_POLL_INTERVAL * HZ));
				   (SMB_INTERFACE_POLL_INTERVAL * HZ));
	}


	spin_lock(&cifs_tcp_ses_lock);
	spin_lock(&cifs_tcp_ses_lock);
	list_add(&tcon->tcon_list, &ses->tcon_list);
	list_add(&tcon->tcon_list, &ses->tcon_list);
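Review bot: The new condition in cifs_get_tcon does not say why polling is limited to `dialect >= SMB30_PROT_ID` together with `SMB2_GLOBAL_CAP_MULTI_CHANNEL`; the moved comment only restates the call below it. I would replace it with something like `/* only SMB3+ servers that advertise multichannel are polled for their interface list */`. The comparison also relies on dialect ids being numerically ordered, which looks intended but cannot be confirmed from this hunk. `INIT_DELAYED_WORK` staying unconditional is presumably deliberate, so that teardown code outside the hunk can cancel the work whether or not it was queued; a short comment saying so would keep a later cleanup from moving it inside the `if`.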
+0 −1
@@ -1299,7 +1299,6 @@ static bool target_share_equal(struct TCP_Server_Info *server, const char *s1, c
	 * Resolve share's hostname and check if server address matches.  Otherwise just ignore it
	 * Resolve share's hostname and check if server address matches.  Otherwise just ignore it
	 * as we could not have upcall to resolve hostname or failed to convert ip address.
	 * as we could not have upcall to resolve hostname or failed to convert ip address.
	 */
	 */
	match = true;
	extract_unc_hostname(s1, &host, &hostlen);
	extract_unc_hostname(s1, &host, &hostlen);
	scnprintf(unc, sizeof(unc), "\\\\%.*s", (int)hostlen, host);
	scnprintf(unc, sizeof(unc), "\\\\%.*s", (int)hostlen, host);


+1 −0
@@ -428,6 +428,7 @@ smb3_create_mf_symlink(unsigned int xid, struct cifs_tcon *tcon,
	oparms.disposition = FILE_CREATE;
	oparms.disposition = FILE_CREATE;
	oparms.fid = &fid;
	oparms.fid = &fid;
	oparms.reconnect = false;
	oparms.reconnect = false;
	oparms.mode = 0644;


	rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, NULL,
	rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, NULL,
		       NULL, NULL);
		       NULL, NULL);
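Review bot: Adding `oparms.mode = 0644;` fixes one member, but as far as the hunk shows `oparms` in smb3_create_mf_symlink is still filled member by member, so any member not listed can be read uninitialised in the same way. Zeroing the structure once before the assignments, `memset(&oparms, 0, sizeof(oparms));`, or giving it an empty initialiser at its declaration (outside this hunk), would close the whole class rather than this one field. The literal `0644` would also benefit from a comment stating that it is the mode requested for the file backing the symlink, if that is the intent.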
+2 −0
@@ -815,6 +815,7 @@ int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
		return -EINVAL;
		return -EINVAL;
	}
	}
	if (tilen) {
	if (tilen) {
		kfree_sensitive(ses->auth_key.response);
		ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
		ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
						 GFP_KERNEL);
						 GFP_KERNEL);
		if (!ses->auth_key.response) {
		if (!ses->auth_key.response) {
@@ -1428,6 +1429,7 @@ sess_auth_kerberos(struct sess_data *sess_data)
		goto out_put_spnego_key;
		goto out_put_spnego_key;
	}
	}


	kfree_sensitive(ses->auth_key.response);
	ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
	ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
					 GFP_KERNEL);
					 GFP_KERNEL);
	if (!ses->auth_key.response) {
	if (!ses->auth_key.response) {
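Review bot: In decode_ntlmssp_challenge the added `kfree_sensitive()` runs before `kmemdup()`, so `ses->auth_key.response` refers to freed memory until the assignment completes, and the previous key is discarded even when the allocation then fails. Duplicating into a local first, `ti = kmemdup(bcc_ptr + tioffset, tilen, GFP_KERNEL);`, and only after the NULL check doing `kfree_sensitive(ses->auth_key.response); ses->auth_key.response = ti;` keeps the session field valid at every point. Whether anything can observe the field during that window depends on locking that is not visible in this hunk. The sess_auth_kerberos hunk in this section uses the same ordering and could be changed the same way; both failure branches continue outside the visible lines.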