Commit cce246ee authored by Steve French's avatar Steve French

[CIFS] Fix acl length when very short ACL being modified by chmod

Signed-off-by: default avatarShirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 35028d71
...@@ -516,7 +516,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len, ...@@ -516,7 +516,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
/* Convert permission bits from mode to equivalent CIFS ACL */ /* Convert permission bits from mode to equivalent CIFS ACL */
static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd, static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
int acl_len, struct inode *inode, __u64 nmode) struct inode *inode, __u64 nmode)
{ {
int rc = 0; int rc = 0;
__u32 dacloffset; __u32 dacloffset;
...@@ -692,14 +692,14 @@ void acl_to_uid_mode(struct inode *inode, const char *path, const __u16 *pfid) ...@@ -692,14 +692,14 @@ void acl_to_uid_mode(struct inode *inode, const char *path, const __u16 *pfid)
int mode_to_acl(struct inode *inode, const char *path, __u64 nmode) int mode_to_acl(struct inode *inode, const char *path, __u64 nmode)
{ {
int rc = 0; int rc = 0;
__u32 acllen = 0; __u32 secdesclen = 0;
struct cifs_ntsd *pntsd = NULL; /* acl obtained from server */ struct cifs_ntsd *pntsd = NULL; /* acl obtained from server */
struct cifs_ntsd *pnntsd = NULL; /* modified acl to be sent to server */ struct cifs_ntsd *pnntsd = NULL; /* modified acl to be sent to server */
cFYI(DBG2, ("set ACL from mode for %s", path)); cFYI(DBG2, ("set ACL from mode for %s", path));
/* Get the security descriptor */ /* Get the security descriptor */
pntsd = get_cifs_acl(&acllen, inode, path, NULL); pntsd = get_cifs_acl(&secdesclen, inode, path, NULL);
/* Add three ACEs for owner, group, everyone getting rid of /* Add three ACEs for owner, group, everyone getting rid of
other ACEs as chmod disables ACEs and set the security descriptor */ other ACEs as chmod disables ACEs and set the security descriptor */
...@@ -709,20 +709,22 @@ int mode_to_acl(struct inode *inode, const char *path, __u64 nmode) ...@@ -709,20 +709,22 @@ int mode_to_acl(struct inode *inode, const char *path, __u64 nmode)
set security descriptor request security descriptor set security descriptor request security descriptor
parameters, and secuirty descriptor itself */ parameters, and secuirty descriptor itself */
pnntsd = kmalloc(acllen, GFP_KERNEL); secdesclen = secdesclen < DEFSECDESCLEN ?
DEFSECDESCLEN : secdesclen;
pnntsd = kmalloc(secdesclen, GFP_KERNEL);
if (!pnntsd) { if (!pnntsd) {
cERROR(1, ("Unable to allocate security descriptor")); cERROR(1, ("Unable to allocate security descriptor"));
kfree(pntsd); kfree(pntsd);
return (-ENOMEM); return (-ENOMEM);
} }
rc = build_sec_desc(pntsd, pnntsd, acllen, inode, nmode); rc = build_sec_desc(pntsd, pnntsd, inode, nmode);
cFYI(DBG2, ("build_sec_desc rc: %d", rc)); cFYI(DBG2, ("build_sec_desc rc: %d", rc));
if (!rc) { if (!rc) {
/* Set the security descriptor */ /* Set the security descriptor */
rc = set_cifs_acl(pnntsd, acllen, inode, path); rc = set_cifs_acl(pnntsd, secdesclen, inode, path);
cFYI(DBG2, ("set_cifs_acl rc: %d", rc)); cFYI(DBG2, ("set_cifs_acl rc: %d", rc));
} }
......
...@@ -27,6 +27,7 @@ ...@@ -27,6 +27,7 @@
#define NUM_SUBAUTHS 5 /* number of sub authority fields */ #define NUM_SUBAUTHS 5 /* number of sub authority fields */
#define NUM_WK_SIDS 7 /* number of well known sids */ #define NUM_WK_SIDS 7 /* number of well known sids */
#define SIDNAMELENGTH 20 /* long enough for the ones we care about */ #define SIDNAMELENGTH 20 /* long enough for the ones we care about */
#define DEFSECDESCLEN 192 /* sec desc len contaiting a dacl with three aces */
#define READ_BIT 0x4 #define READ_BIT 0x4
#define WRITE_BIT 0x2 #define WRITE_BIT 0x2
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment