* re: cifs: sanitize username handling
@ 2014-05-19 20:33 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2014-05-19 20:33 UTC (permalink / raw)
To: jlayton-H+wXaHxf7aLQT0dZR+AlfA; +Cc: linux-cifs-u79uwXL29TY76Z2rM5mHXA
Hello Jeff Layton,
The patch 04febabcf55b: "cifs: sanitize username handling" from Jan
17, 2012, leads to the following static checker warning:
fs/cifs/connect.c:2231 match_session()
error: we previously assumed 'vol->username' could be null (see line 2228)
fs/cifs/connect.c
2219 /* NULL username means anonymous session */
2220 if (ses->user_name == NULL) {
2221 if (!vol->nullauth)
2222 return 0;
2223 break;
2224 }
2225
2226 /* anything else takes username/password */
2227 if (strncmp(ses->user_name,
2228 vol->username ? vol->username : "",
^^^^^^^^^^^^^
We added this check for vol->username here.
2229 CIFS_MAX_USERNAME_LEN))
2230 return 0;
2231 if (strlen(vol->username) != 0 &&
^^^^^^^^^^^^^
But this dereference is not checked.
2232 ses->password != NULL &&
2233 strncmp(ses->password,
2234 vol->password ? vol->password : "",
2235 CIFS_MAX_PASSWORD_LEN))
2236 return 0;
regards,
dan carpenter
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-05-19 20:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-19 20:33 cifs: sanitize username handling Dan Carpenter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.