[PATCH 6/7] cifs: Validate content of native symlink

From: Pali Rohár
Date: Sun Sep 29 2024 - 14:51:24 EST

Next message: Pali Rohár: "[PATCH 5/7] cifs: Fix parsing native symlinks directory/file type"
Previous message: Pali Rohár: "[PATCH 0/7] cifs: Improve support for native SMB symlinks"
In reply to: Pali Rohár: "Re: [PATCH 1/7] cifs: Rename smb2_get_reparse_inode to smb2_create_reparse_inode"
Next in thread: Steve French: "Re: [PATCH 6/7] cifs: Validate content of native symlink"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Check that buffer does not contain UTF-16 null codepoint
because Linux cannot process symlink with null byte.

Signed-off-by: Pali Rohár <pali@xxxxxxxxxx>
---
fs/smb/client/reparse.c | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/fs/smb/client/reparse.c b/fs/smb/client/reparse.c
index 5a738f65b190..ca4f96c43508 100644
--- a/fs/smb/client/reparse.c
+++ b/fs/smb/client/reparse.c
@@ -509,6 +509,16 @@ int smb2_parse_native_symlink(char **target, const char *buf, unsigned int len,
int rc;
int i;

+ /*
+ * Check that buffer does not contain UTF-16 null codepoint
+ * because Linux cannot process symlink with null byte.
+ */
+ if (unicode && UniStrnlen((wchar_t *)buf, len/2) != len/2) {
+ cifs_dbg(VFS, "srv returned null byte in native symlink target location\n");
+ rc = -EIO;
+ goto out;
+ }
+
smb_target = cifs_strndup_from_utf16(buf, len, unicode, cifs_sb->local_nls);
if (!smb_target) {
rc = -ENOMEM;
--
2.20.1

Next message: Pali Rohár: "[PATCH 5/7] cifs: Fix parsing native symlinks directory/file type"
Previous message: Pali Rohár: "[PATCH 0/7] cifs: Improve support for native SMB symlinks"
In reply to: Pali Rohár: "Re: [PATCH 1/7] cifs: Rename smb2_get_reparse_inode to smb2_create_reparse_inode"
Next in thread: Steve French: "Re: [PATCH 6/7] cifs: Validate content of native symlink"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]