[PATCH 0/3] mount.cifs: minor buflen tracking cleanups

[PATCH 0/3] mount.cifs: minor buflen tracking cleanups

[David Disseldorp]

These changes are minor cleanups to go atop the bugfix
"mount.cifs: fix buffer overrun in set_password"
https://lore.kernel.org/linux-cifs/20260331000911.16062-1-ddiss@suse.de/T/#u

David Disseldorp (3):
      build_assert: add ccan build_assert.h header
      mount.cifs: adjust get_password_from_file() buf size
      mount.cifs: remove runtime pass_length calculation

 build_assert.h | 40 ++++++++++++++++++++++++++++++++++++++++
 mount.cifs.c   | 18 ++++++++----------
 2 files changed, 48 insertions(+), 10 deletions(-)
 create mode 100644 build_assert.h

[PATCH 1/3] build_assert: add ccan build_assert.h header

[David Disseldorp]

Obtained from https://github.com/rustyrussell/ccan with HEAD
050dc66dc2de3d8b150817c6bba648f74b12cccf .
build_assert.h is licensed CC0 (Public domain).

Signed-off-by: David Disseldorp <ddiss@suse.de>
---
 build_assert.h | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 build_assert.h

diff --git a/build_assert.h b/build_assert.h
new file mode 100644
index 0000000..b9ecd84
--- /dev/null
+++ b/build_assert.h
@@ -0,0 +1,40 @@
+/* CC0 (Public domain) - see LICENSE file for details */
+#ifndef CCAN_BUILD_ASSERT_H
+#define CCAN_BUILD_ASSERT_H
+
+/**
+ * BUILD_ASSERT - assert a build-time dependency.
+ * @cond: the compile-time condition which must be true.
+ *
+ * Your compile will fail if the condition isn't true, or can't be evaluated
+ * by the compiler.  This can only be used within a function.
+ *
+ * Example:
+ *	#include <stddef.h>
+ *	...
+ *	static char *foo_to_char(struct foo *foo)
+ *	{
+ *		// This code needs string to be at start of foo.
+ *		BUILD_ASSERT(offsetof(struct foo, string) == 0);
+ *		return (char *)foo;
+ *	}
+ */
+#define BUILD_ASSERT(cond) \
+	do { (void) sizeof(char [1 - 2*!(cond)]); } while(0)
+
+/**
+ * BUILD_ASSERT_OR_ZERO - assert a build-time dependency, as an expression.
+ * @cond: the compile-time condition which must be true.
+ *
+ * Your compile will fail if the condition isn't true, or can't be evaluated
+ * by the compiler.  This can be used in an expression: its value is "0".
+ *
+ * Example:
+ *	#define foo_to_char(foo)					\
+ *		 ((char *)(foo)						\
+ *		  + BUILD_ASSERT_OR_ZERO(offsetof(struct foo, string) == 0))
+ */
+#define BUILD_ASSERT_OR_ZERO(cond) \
+	(sizeof(char [1 - 2*!(cond)]) - 1)
+
+#endif /* CCAN_BUILD_ASSERT_H */
-- 
2.51.0

[PATCH 2/3] mount.cifs: adjust get_password_from_file() buf size

[David Disseldorp]

The parsed_mount_info password and password2 fields are both zero
terminated and sized MOUNT_PASSWD_SIZE + 1.
The get_password_from_file() buf adds one to this size, presumably to
account for (extra) zero termination. This is unnecessary, so use a
consistent size across all buffers.

Signed-off-by: David Disseldorp <ddiss@suse.de>
---
 mount.cifs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mount.cifs.c b/mount.cifs.c
index d41ca6a..945196f 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -684,7 +684,7 @@ get_password_from_file(int file_descript, char *filename,
 	int is_pass2 = which_pass == OPT_PASS2;
 	unsigned int pass_length = is_pass2 ?
 					  sizeof(parsed_info->password2) : sizeof(parsed_info->password);
-	char buf[pass_length + 1];
+	char buf[pass_length];
 
 	if (filename != NULL) {
 		rc = toggle_dac_capability(0, 1);
-- 
2.51.0

[PATCH 3/3] mount.cifs: remove runtime pass_length calculation

[David Disseldorp]

The parsed_mount_info.password and parsed_mount_info.password2 arrays
are both the same length, so drop version-specific length calculations
and use a build-time assertion to avoid future breakage.

Cc: Meetakshi Setiya <msetiya@microsoft.com>
Signed-off-by: David Disseldorp <ddiss@suse.de>
---
 mount.cifs.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/mount.cifs.c b/mount.cifs.c
index 945196f..836a060 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -63,6 +63,7 @@
 #include "mount.h"
 #include "util.h"
 #include "resolve_host.h"
+#include "build_assert.h"
 
 #ifndef MS_MOVE 
 #define MS_MOVE 8192 
@@ -343,14 +344,12 @@ set_password(struct parsed_mount_info *parsed_info, const char *src,
 {
 	int is_pass2 = which_pass == OPT_PASS2 || which_pass == CRED_PASS2;
 
-	char *dst = is_pass2 ?
-				parsed_info->password2 : parsed_info->password;
-	unsigned int pass_length = is_pass2 ?
-					  sizeof(parsed_info->password2) : sizeof(parsed_info->password);
+	char *dst = is_pass2 ? parsed_info->password2 : parsed_info->password;
 	unsigned int i = 0, j = 0;
+	BUILD_ASSERT(sizeof(parsed_info->password) == sizeof(parsed_info->password2));
 
 	while (src[i]) {
-		if (j + 2 >= pass_length) {
+		if (j + 2 >= sizeof(parsed_info->password)) {
 			fprintf(stderr, "Converted password too long!\n");
 			return EX_USAGE;
 		}
@@ -362,7 +361,8 @@ set_password(struct parsed_mount_info *parsed_info, const char *src,
 	if (is_pass2)
 		parsed_info->got_password2 = 1;
 	else
-	parsed_info->got_password = 1;
+		parsed_info->got_password = 1;
+
 	return 0;
 }
 
@@ -681,10 +681,8 @@ get_password_from_file(int file_descript, char *filename,
 			   const int which_pass)
 {
 	int rc = 0;
-	int is_pass2 = which_pass == OPT_PASS2;
-	unsigned int pass_length = is_pass2 ?
-					  sizeof(parsed_info->password2) : sizeof(parsed_info->password);
-	char buf[pass_length];
+	char buf[sizeof(parsed_info->password)];
+	BUILD_ASSERT(sizeof(parsed_info->password) == sizeof(parsed_info->password2));
 
 	if (filename != NULL) {
 		rc = toggle_dac_capability(0, 1);
-- 
2.51.0

Re: [PATCH 0/3] mount.cifs: minor buflen tracking cleanups

[Henrique Carvalho]

Reviewed-by: Henrique Carvalho <henrique.carvalho@suse.com>

On Tue, Mar 31, 2026 at 11:37:50AM +1100, David Disseldorp wrote:
> These changes are minor cleanups to go atop the bugfix
> "mount.cifs: fix buffer overrun in set_password"
> https://lore.kernel.org/linux-cifs/20260331000911.16062-1-ddiss@suse.de/T/#u
> 
> David Disseldorp (3):
>       build_assert: add ccan build_assert.h header
>       mount.cifs: adjust get_password_from_file() buf size
>       mount.cifs: remove runtime pass_length calculation
> 
>  build_assert.h | 40 ++++++++++++++++++++++++++++++++++++++++
>  mount.cifs.c   | 18 ++++++++----------
>  2 files changed, 48 insertions(+), 10 deletions(-)
>  create mode 100644 build_assert.h
> 
> 

Re: [PATCH 0/3] mount.cifs: minor buflen tracking cleanups

[Steve French]

Added the RB and merged into git.samba.org/data/git/cifs-utils.git and
https://github.com/smfrench/smb3-utils for-next

On Tue, Mar 31, 2026 at 1:06 PM Henrique Carvalho
<henrique.carvalho@suse.com> wrote:
>
> Reviewed-by: Henrique Carvalho <henrique.carvalho@suse.com>
>
> On Tue, Mar 31, 2026 at 11:37:50AM +1100, David Disseldorp wrote:
> > These changes are minor cleanups to go atop the bugfix
> > "mount.cifs: fix buffer overrun in set_password"
> > https://lore.kernel.org/linux-cifs/20260331000911.16062-1-ddiss@suse.de/T/#u
> >
> > David Disseldorp (3):
> >       build_assert: add ccan build_assert.h header
> >       mount.cifs: adjust get_password_from_file() buf size
> >       mount.cifs: remove runtime pass_length calculation
> >
> >  build_assert.h | 40 ++++++++++++++++++++++++++++++++++++++++
> >  mount.cifs.c   | 18 ++++++++----------
> >  2 files changed, 48 insertions(+), 10 deletions(-)
> >  create mode 100644 build_assert.h
> >
> >



--
Thanks,

Steve