* re: cifs: sanitize username handling
@ 2014-05-19 20:33 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2014-05-19 20:33 UTC (permalink / raw)
To: jlayton-H+wXaHxf7aLQT0dZR+AlfA; +Cc: linux-cifs-u79uwXL29TY76Z2rM5mHXA
Hello Jeff Layton,
The patch 04febabcf55b: "cifs: sanitize username handling" from Jan
17, 2012, leads to the following static checker warning:
fs/cifs/connect.c:2231 match_session()
error: we previously assumed 'vol->username' could be null (see line 2228)
fs/cifs/connect.c
2219 /* NULL username means anonymous session */
2220 if (ses->user_name == NULL) {
2221 if (!vol->nullauth)
2222 return 0;
2223 break;
2224 }
2225
2226 /* anything else takes username/password */
2227 if (strncmp(ses->user_name,
2228 vol->username ? vol->username : "",
^^^^^^^^^^^^^
We added this check for vol->username here.
2229 CIFS_MAX_USERNAME_LEN))
2230 return 0;
2231 if (strlen(vol->username) != 0 &&
^^^^^^^^^^^^^
But this dereference is not checked.
2232 ses->password != NULL &&
2233 strncmp(ses->password,
2234 vol->password ? vol->password : "",
2235 CIFS_MAX_PASSWORD_LEN))
2236 return 0;
regards,
dan carpenter
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-05-19 20:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-19 20:33 cifs: sanitize username handling Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).