| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1427708644.14176.3.camel@redhat.com>
Date: Mon, 30 Mar 2015 10:44:04 +0100
From: Sachin Prabhu <sprabhu@...hat.com>
To: Steve French <smfrench@...il.com>
Cc: linux-cifs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/4] [CIFS] Don't ignore errors on encrypting password
in SMBTcon
On Fri, 2015-03-27 at 00:28 -0500, Steve French wrote:
> Although unlikely to fail (and tree connect does not commonly send
> a password since SECMODE_USER is the default for most servers)
> do not ignore errors on SMBNTEncrypt in SMB Tree Connect.
>
> Reported by Coverity (CID 1226853)
>
> Signed-off-by: Steve French <smfrench@...il.com>
ACKed-by: Sachin Prabhu <sprabhu@...hat.com>
> ---
> fs/cifs/connect.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index 4cb8450..cdb1aaf 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -3696,6 +3696,12 @@ CIFSTCon(const unsigned int xid, struct cifs_ses *ses,
> #endif /* CIFS_WEAK_PW_HASH */
> rc = SMBNTencrypt(tcon->password, ses->server->cryptkey,
> bcc_ptr, nls_codepage);
> + if (rc) {
> + cifs_dbg(FYI, "%s Can't generate NTLM rsp. Error: %d\n",
> + __func__, rc);
> + cifs_buf_release(smb_buffer);
> + return rc;
> + }
>
> bcc_ptr += CIFS_AUTH_RESP_SIZE;
> if (ses->capabilities & CAP_UNICODE) {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists