lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Wed, 5 Dec 2007 08:24:38 +0000
From:	Al Viro <viro@....linux.org.uk>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Shirish Pargaonkar <shirishp@...ibm.com>, sfrench@...ba.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] regression: cifs endianness bug

	access_flags_to_mode() gets on-the-wire data (little-endian)
and treats it as host-endian.

Introduced in commit e01b64001359034d04c695388870936ed3d1b56b
([CIFS] enable get mode from ACL when cifsacl mount option specified)

Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
---
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index f02fdef..c312adc 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -134,9 +134,10 @@ int compare_sids(const struct cifs_sid *ctsid, const struct cifs_sid *cwsid)
    pmode is the existing mode (we only want to overwrite part of this
    bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007
 */
-static void access_flags_to_mode(__u32 ace_flags, int type, umode_t *pmode,
+static void access_flags_to_mode(__le32 ace_flags, int type, umode_t *pmode,
 				 umode_t *pbits_to_set)
 {
+	__u32 flags = le32_to_cpu(ace_flags);
 	/* the order of ACEs is important.  The canonical order is to begin with
 	   DENY entries followed by ALLOW, otherwise an allow entry could be
 	   encountered first, making the subsequent deny entry like "dead code"
@@ -146,17 +147,17 @@ static void access_flags_to_mode(__u32 ace_flags, int type, umode_t *pmode,
 	/* For deny ACEs we change the mask so that subsequent allow access
 	   control entries do not turn on the bits we are denying */
 	if (type == ACCESS_DENIED) {
-		if (ace_flags & GENERIC_ALL) {
+		if (flags & GENERIC_ALL) {
 			*pbits_to_set &= ~S_IRWXUGO;
 		}
-		if ((ace_flags & GENERIC_WRITE) ||
-			((ace_flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
+		if ((flags & GENERIC_WRITE) ||
+			((flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
 			*pbits_to_set &= ~S_IWUGO;
-		if ((ace_flags & GENERIC_READ) ||
-			((ace_flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
+		if ((flags & GENERIC_READ) ||
+			((flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
 			*pbits_to_set &= ~S_IRUGO;
-		if ((ace_flags & GENERIC_EXECUTE) ||
-			((ace_flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
+		if ((flags & GENERIC_EXECUTE) ||
+			((flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
 			*pbits_to_set &= ~S_IXUGO;
 		return;
 	} else if (type != ACCESS_ALLOWED) {
@@ -165,25 +166,25 @@ static void access_flags_to_mode(__u32 ace_flags, int type, umode_t *pmode,
 	}
 	/* else ACCESS_ALLOWED type */
 
-	if (ace_flags & GENERIC_ALL) {
+	if (flags & GENERIC_ALL) {
 		*pmode |= (S_IRWXUGO & (*pbits_to_set));
 #ifdef CONFIG_CIFS_DEBUG2
 		cFYI(1, ("all perms"));
 #endif
 		return;
 	}
-	if ((ace_flags & GENERIC_WRITE) ||
-			((ace_flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
+	if ((flags & GENERIC_WRITE) ||
+			((flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
 		*pmode |= (S_IWUGO & (*pbits_to_set));
-	if ((ace_flags & GENERIC_READ) ||
-			((ace_flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
+	if ((flags & GENERIC_READ) ||
+			((flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
 		*pmode |= (S_IRUGO & (*pbits_to_set));
-	if ((ace_flags & GENERIC_EXECUTE) ||
-			((ace_flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
+	if ((flags & GENERIC_EXECUTE) ||
+			((flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
 		*pmode |= (S_IXUGO & (*pbits_to_set));
 
 #ifdef CONFIG_CIFS_DEBUG2
-	cFYI(1, ("access flags 0x%x mode now 0x%x", ace_flags, *pmode));
+	cFYI(1, ("access flags 0x%x mode now 0x%x", flags, *pmode));
 #endif
 	return;
 }
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists