Re: [PATCH] CIFS: Fix IP address bounds checking on mount utility.

Jeff Layton <jlayton@xxxxxxxxx> · Sat, 24 Nov 2012 09:23:14 -0500

On Thu, 22 Nov 2012 12:31:50 -0500
Scott Lovenberg <scott.lovenberg@xxxxxxxxx> wrote:

> On Wed, Nov 21, 2012 at 4:52 PM, Jeff Layton <jlayton@xxxxxxxxx> wrote:
> >
> > On Nov 21, 2012 3:16 PM, "Scott Lovenberg" <scott.lovenberg@xxxxxxxxx>
> > wrote:
> >>
> >> On Wed, Nov 21, 2012 at 3:10 PM, <scott.lovenberg@xxxxxxxxx> wrote:
> >> >
> >> > From: Scott Lovenberg <scott.lovenberg@xxxxxxxxx>
> >> >
> >> > Signed-off-by: Scott Lovenberg <scott.lovenberg@xxxxxxxxx>
> >> > ---
> >> >  mount.cifs.c |    4 ++--
> >> >  1 files changed, 2 insertions(+), 2 deletions(-)
> >> >
> >> > diff --git a/mount.cifs.c b/mount.cifs.c
> >> > index a9632b4..f63c309 100644
> >> > --- a/mount.cifs.c
> >> > +++ b/mount.cifs.c
> >> > @@ -941,8 +941,8 @@ parse_options(const char *data, struct
> >> > parsed_mount_info *parsed_info)
> >> >                         if (!value || !*value) {
> >> >                                 fprintf(stderr,
> >> >                                         "target ip address argument
> >> > missing\n");
> >> > -                       } else if (strnlen(value, MAX_ADDRESS_LEN) <=
> >> > -                               MAX_ADDRESS_LEN) {
> >> > +                       } else if (strnlen(value, MAX_ADDR_LIST_LEN + 1)
> >> > <=
> >> > +                               MAX_ADDR_LIST_LEN) {
> >> >                                 strcpy(parsed_info->addrlist, value);
> >> >                                 if (parsed_info->verboseflag)
> >> >                                         fprintf(stderr,
> >> > --
> >> > 1.7.5.4
> >> >
> >>
> >> I still suck at git send-email.  The body of that should have read:
> >> "In the mount utility use MAX_ADDR_LIST_LEN for bounds checking on ip
> >> addresses instead of MAX_ADDRESS_LEN.  Parsed_mount_info->addrlist is
> >> MAX_ADDR_LIST_LEN chars long."
> >>
> >> --
> >> Peace and Blessings,
> >> -Scott.
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> >> the body of a message to majordomo@xxxxxxxxxxxxxxx
> >> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >
> > Erm...except that ip= can only specify a single address. MAX_ADDRESS_LEN is
> > the length of a single address whereas MAX_ADDR_LIST_LEN is 16 times that
> > value. I'm not clear on what the perceived bug is here...
> >
> 
> Hrm... I'm a bit confused as to why the parsed_mount_info has
> addrlist[MAX_ADDR_LIST_LEN] if it's only going to hold a single IP.
> Happy Thanksgiving, Jeff.
> 

When you resolve a hostname, we get back a list of address records.
Those are parsed and the addresses end up in the addrlist.

When you provide an 'ip=' address option manually however, you can only
provide a single address. That still goes into the addrlist, but then
you're just in the trivial case of trying an address list that contains
a single address.

-- 
Jeff Layton <jlayton@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html