From: "Pali Rohár" <pali@kernel.org>
To: Steve French <sfrench@samba.org>,
Paulo Alcantara <pc@manguebit.com>,
Ronnie Sahlberg <ronniesahlberg@gmail.com>
Cc: linux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 5/6] cifs: Validate content of native symlink
Date: Sat, 5 Oct 2024 16:02:59 +0200
Message-ID: <20241005140300.19416-6-pali@kernel.org>
In-Reply-To: <20241005140300.19416-1-pali@kernel.org>

Check that the path buffer has the correct length (it is non-zero and in UNICODE
mode it has an even number of bytes) and check that the buffer does not contain
a null character (UTF-16 null codepoint in UNICODE mode or null byte in
non-unicode mode) because Linux cannot process a symlink with a null byte.

Signed-off-by: Pali Rohár <pali@kernel.org>
---
fs/smb/client/reparse.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/fs/smb/client/reparse.c b/fs/smb/client/reparse.c
index 0d1cea64ab6e..fb1d16b17f38 100644
--- a/fs/smb/client/reparse.c
+++ b/fs/smb/client/reparse.c
@@ -544,6 +544,25 @@ int smb2_parse_native_symlink(char **target, const char *buf, unsigned int len,
int rc;
int i;
+ /* Check that length it valid for unicode/non-unicode mode */
+ if (!len || (unicode && (len % 2))) {
+ cifs_dbg(VFS, "srv returned malformed symlink buffer\n");
+ rc = -EIO;
+ goto out;
+ }
+
+ /*
+ * Check that buffer does not contain UTF-16 null codepoint in unicode
+ * mode or null byte in non-unicode mode because Linux cannot process
+ * symlink with null byte.
+ */
+ if ((unicode && UniStrnlen((wchar_t *)buf, len/2) != len/2) ||
+ (!unicode && strnlen(buf, len) != len)) {
+ cifs_dbg(VFS, "srv returned null byte in native symlink target location\n");
+ rc = -EIO;
+ goto out;
+ }
+
smb_target = cifs_strndup_from_utf16(buf, len, unicode, cifs_sb->local_nls);
if (!smb_target) {
rc = -ENOMEM;
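Review bot: The (wchar_t *)buf cast in the UniStrnlen() call discards the const qualifier that buf carries in the function signature (const char *buf); a (const wchar_t *) cast would keep the null-codepoint check read-only by type. Both new checks also "goto out" before smb_target is assigned by cifs_strndup_from_utf16(), and the out: label is not visible in this hunk, so please confirm that the cleanup there is safe when nothing has been allocated yet. Minor: the first new comment reads "length it valid" and should be "length is valid".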
--
2.20.1