Patchwork [lucid/fsl-imx51,maverick/ti-omap4,CVE,1/2] cifs: always do is_path_accessible check in cifs_mount

login
register
mail settings
Submitter Andy Whitcroft
Date Oct. 4, 2011, 2:59 p.m.
Message ID <1317740391-16788-2-git-send-email-apw@canonical.com>
Download mbox | patch
Permalink /patch/117645/
State New
Headers show

Comments

Andy Whitcroft - Oct. 4, 2011, 2:59 p.m.
From: Jeff Layton <jlayton@redhat.com>

Currently, we skip doing the is_path_accessible check in cifs_mount if
there is no prefixpath. I have a report of at least one server however
that allows a TREE_CONNECT to a share that has a DFS referral at its
root. The reporter in this case was using a UNC that had no prefixpath,
so the is_path_accessible check was not triggered and the box later hit
a BUG() because we were chasing a DFS referral on the root dentry for
the mount.

This patch fixes this by removing the check for a zero-length
prefixpath.  That should make the is_path_accessible check be done in
this situation and should allow the client to chase the DFS referral at
mount time instead.

Cc: stable@kernel.org
Reported-and-Tested-by: Yogesh Sharma <ysharma@cymer.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

(cherry picked from commit 70945643722ffeac779d2529a348f99567fa5c33)
CVE-2011-3363
BugLink: http://bugs.launchpad.net/bugs/866034
Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
 fs/cifs/connect.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Patch

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 08a44ca..f4e13d6 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2512,7 +2512,7 @@  try_mount_again:
 
 remote_path_check:
 	/* check if a whole path (including prepath) is not remote */
-	if (!rc && cifs_sb->prepathlen && tcon) {
+	if (!rc && tcon) {
 		/* build_path_to_root works only when we have a valid tcon */
 		full_path = cifs_build_path_to_root(cifs_sb);
 		if (full_path == NULL) {