lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210907091411.GG1935@kadam>
Date:   Tue, 7 Sep 2021 12:14:11 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Sergey Senozhatsky <senozhatsky@...omium.org>
Cc:     Namjae Jeon <linkinjeon@...nel.org>,
        Steve French <sfrench@...ba.org>,
        Hyunchul Lee <hyc.lee@...il.com>, linux-cifs@...r.kernel.org,
        linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] ksmbd: remove unnecessary conditions

On Tue, Sep 07, 2021 at 06:04:03PM +0900, Sergey Senozhatsky wrote:
> On (21/09/07 11:54), Dan Carpenter wrote:
> > On Tue, Sep 07, 2021 at 05:06:04PM +0900, Sergey Senozhatsky wrote:
> > > On (21/09/07 10:34), Dan Carpenter wrote:
> > > >  
> > > >  		id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]);
> > > > -		if (id >= 0) {
> > > > -			/*
> > > > -			 * Translate raw sid into kuid in the server's user
> > > > -			 * namespace.
> > > > -			 */
> > > > -			uid = make_kuid(&init_user_ns, id);
> > > > -
> > > > -			/* If this is an idmapped mount, apply the idmapping. */
> > > > -			uid = kuid_from_mnt(user_ns, uid);
> > > > -			if (uid_valid(uid)) {
> > > > -				fattr->cf_uid = uid;
> > > > -				rc = 0;
> > > > -			}
> > > > +		/*
> > > > +		 * Translate raw sid into kuid in the server's user
> > > > +		 * namespace.
> > > > +		 */
> > > > +		uid = make_kuid(&init_user_ns, id);
> > > 
> > > Can make_kuid() return INVALID_UID? IOW, uid_valid(uid) here as well?
> > 
> > No need to check twice.  We're going to check at the end.
> > 
> > > 
> > > > +
> > > > +		/* If this is an idmapped mount, apply the idmapping. */
> > > > +		uid = kuid_from_mnt(user_ns, uid);
> > > > +		if (uid_valid(uid)) {
> >                     ^^^^^^^^^^^^^^
> > The check here is sufficient.
> 
> My point was more that a potentially invalid UID is passed to kuid_from_mnt()
> and kgid_from_mnt(). I don't see map_id_up(), for example, checking that
> passed UID is valid. So decided to double check.

But you've seen it now, right?  The kuid_from_mnt() will return
INVALID_UID if you pass it any unknown uid (including INVALID_UID).

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ