lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGvGhF4y4ydeuQg9CmTF5OrrVmXG6D05PtBCWHb-EFmY8Y4zOA@mail.gmail.com>
Date:   Wed, 15 Dec 2021 16:59:18 +1000
From:   Leif Sahlberg <lsahlber@...hat.com>
To:     Thiago Rafael Becker <trbecker@...il.com>
Cc:     CIFS <linux-cifs@...r.kernel.org>,
        Steve French <sfrench@...ba.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] cifs: sanitize multiple delimiters in prepath

Steve,

Acked-by: me
Steve, we should have this in stable

    Fixes: 24e0a1eff9e2 ("cifs: switch to new mount api")
    Cc: stable@...r.kernel.org # 5.11+


On Wed, Dec 15, 2021 at 1:09 PM Thiago Rafael Becker <trbecker@...il.com> wrote:
>
> mount.cifs can pass a device with multiple delimiters in it. This will
> cause rename(2) to fail with ENOENT.
>
> BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=2031200
> Signed-off-by: Thiago Rafael Becker <trbecker@...il.com>
> ---
>  fs/cifs/fs_context.c | 30 ++++++++++++++++++++++++++++++
>  1 file changed, 30 insertions(+)
>
> diff --git a/fs/cifs/fs_context.c b/fs/cifs/fs_context.c
> index 6a179ae753c1..4ce8a7df3a02 100644
> --- a/fs/cifs/fs_context.c
> +++ b/fs/cifs/fs_context.c
> @@ -434,6 +434,34 @@ int smb3_parse_opt(const char *options, const char *key, char **val)
>         return rc;
>  }
>
> +/*
> + * remove duplicate path delimiters. Windows is supposed to do that
> + * but there are some bugs that prevent rename from working if there are
> + * multiple delimiters.
> + */
> +void sanitize_path(char *path) {
> +        char *pos = path, last = *path;
> +        unsigned int offset = 0;
> +
> +        while(*(++pos)) {
> +                if ((*pos == '/' || *pos == '\\') && (last == '/' || last == '\\')) {
> +                        offset++;
> +                        continue;
> +                }
> +
> +                last = *pos;
> +                *(pos - offset) = *pos;
> +        }
> +
> +        pos = pos - offset - 1;
> +
> +        /* At this point, there should be only zero or one delimiter at the end of the string */
> +        if (*pos != '/' && *pos != '\\')
> +                pos++;
> +
> +        *pos = '\0';
> +}
> +
>  /*
>   * Parse a devname into substrings and populate the ctx->UNC and ctx->prepath
>   * fields with the result. Returns 0 on success and an error otherwise
> @@ -497,6 +525,8 @@ smb3_parse_devname(const char *devname, struct smb3_fs_context *ctx)
>         if (!ctx->prepath)
>                 return -ENOMEM;
>
> +       sanitize_path(ctx->prepath);
> +
>         return 0;
>  }
>
> --
> 2.31.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ