| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20110806000253.380101699@clark.kroah.org> Date: Fri, 05 Aug 2011 17:02:15 -0700 From: Greg KH <gregkh@...e.de> To: linux-kernel@...r.kernel.org, stable@...nel.org Cc: stable-review@...nel.org, torvalds@...ux-foundation.org, akpm@...ux-foundation.org, alan@...rguk.ukuu.org.uk, Jeff Layton <jlayton@...hat.com>, Steve French <sfrench@...ibm.com> Subject: [45/55] cifs: check for NULL session password 2.6.32-longterm review patch. If anyone has any objections, please let us know. ------------------ From: Jeff Layton <jlayton@...hat.com> commit 24e6cf92fde1f140d8eb0bf7cd24c2c78149b6b2 upstream. It's possible for a cifsSesInfo struct to have a NULL password, so we need to check for that prior to running strncmp on it. Signed-off-by: Jeff Layton <jlayton@...hat.com> Signed-off-by: Steve French <sfrench@...ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@...e.de> --- fs/cifs/connect.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1605,6 +1605,7 @@ cifs_find_smb_ses(struct TCP_Server_Info MAX_USERNAME_SIZE)) continue; if (strlen(vol->username) != 0 && + ses->password != NULL && strncmp(ses->password, vol->password ? vol->password : "", MAX_PASSWORD_SIZE)) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists