Message-Id: <20240928215948.4494-4-pali@kernel.org>
Date: Sat, 28 Sep 2024 23:59:43 +0200
From: Pali Rohár <pali@...nel.org>
To: Steve French <sfrench@...ba.org>,
	Paulo Alcantara <pc@...guebit.com>,
	Ronnie Sahlberg <ronniesahlberg@...il.com>
Cc: linux-cifs@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH 3/8] cifs: Fix parsing NFS-style char/block devices

Linux SMB client currently parses NFS-style char and block devices
incorrectly. It reads major number from location of minor and major from
location of minor.

Per MS-FSCC 2.1.2.6 NFS_SPECFILE_CHR and NFS_SPECFILE_BLK DataBuffer's
field contains two 32-bit integers that represent major and minor device
numbers.

So the first one 32-bit integer in DataBuffer is major number and second
one in DataBuffer is minor number. Microsoft Windows NFS server reads them
in this order too.

This issue was introduced in commit 45e724022e27 ("smb: client: set correct
file type from NFS reparse points") and probably because in commit message
was test of char and block devices with same major and minor numbers. So
swapped major and minor numbers were not spotted.

Fix this problem in Linux SMB client by reading major and minor numbers
from correct position of DataBuffer.

This change fixes interoperability of char and block devices on Windows
share which is exported over both SMB and NFS protocols.

Fixes: 45e724022e27 ("smb: client: set correct file type from NFS reparse points")
Signed-off-by: Pali Rohár <pali@...nel.org>
---
 fs/smb/client/reparse.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/smb/client/reparse.h b/fs/smb/client/reparse.h
index 2c0644bc4e65..790360f8a53b 100644
--- a/fs/smb/client/reparse.h
+++ b/fs/smb/client/reparse.h
@@ -20,9 +20,12 @@
 
 static inline dev_t reparse_nfs_mkdev(struct reparse_posix_data *buf)
 {
-	u64 v = le64_to_cpu(*(__le64 *)buf->DataBuffer);
+	u32 major, minor;
 
-	return MKDEV(v >> 32, v & 0xffffffff);
+	major = le32_to_cpu(((__le32 *)buf->DataBuffer)[0]);
+	minor = le32_to_cpu(((__le32 *)buf->DataBuffer)[1]);
+
+	return MKDEV(major, minor);
 }
 
 static inline dev_t wsl_mkdev(void *ptr)
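
Review bot: reparse_nfs_mkdev() now reads ((__le32 *)buf->DataBuffer)[0] and [1], that is 8 bytes of server-supplied data, and nothing in this hunk checks that the reparse buffer actually carries that much payload. Please confirm that every caller validates the data length for the NFS_SPECFILE_CHR and NFS_SPECFILE_BLK cases before calling this helper, or have the helper take the length and reject short buffers. A related point: major and minor are full u32 values taken from the server and passed to MKDEV() without any range check, so it is worth stating whether out-of-range values should be rejected here or are handled elsewhere. Since the original bug was an ordering mistake, a one-line comment above the two reads citing MS-FSCC 2.1.2.6 (first 32-bit integer is major, second is minor) would help keep the order from being swapped again.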
-- 
2.20.1

