lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <lsq.1510009387.935461574@decadent.org.uk>
Date:   Mon, 06 Nov 2017 23:03:07 +0000
From:   Ben Hutchings <ben@...adent.org.uk>
To:     linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC:     akpm@...ux-foundation.org, "Ronnie Sahlberg" <lsahlber@...hat.com>,
        "Steve French" <smfrench@...il.com>
Subject: [PATCH 3.2 044/147] cifs: return ENAMETOOLONG for overlong names
 in cifs_open()/cifs_lookup()

3.2.95-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Ronnie Sahlberg <lsahlber@...hat.com>

commit d3edede29f74d335f81d95a4588f5f136a9f7dcf upstream.

Add checking for the path component length and verify it is <= the maximum
that the server advertizes via FileFsAttributeInformation.

With this patch cifs.ko will now return ENAMETOOLONG instead of ENOENT
when users to access an overlong path.

To test this, try to cd into a (non-existing) directory on a CIFS share
that has a too long name:
cd /mnt/aaaaaaaaaaaaaaa...

and it now should show a good error message from the shell:
bash: cd: /mnt/aaaaaaaaaaaaaaaa...aaaaaa: File name too long

rh bz 1153996

Signed-off-by: Ronnie Sahlberg <lsahlber@...hat.com>
Signed-off-by: Steve French <smfrench@...il.com>
[bwh: Backported to 3.2: name checks are done only in cifs_lookup()]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -520,6 +520,13 @@ cifs_lookup(struct inode *parent_dir_ino
 
 	oplock = pTcon->ses->server->oplocks ? REQ_OPLOCK : 0;
 
+	/* Don't allow path components longer than the server max. */
+	if (unlikely(direntry->d_name.len >
+		     pTcon->fsAttrInfo.MaxPathNameComponentLength)) {
+		rc = -ENAMETOOLONG;
+		goto lookup_out;
+	}
+
 	/*
 	 * Don't allow the separator character in a path component.
 	 * The VFS will not allow "/", but "\" is allowed by posix.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ