2013/5/23 Jeff Layton <jlayton@xxxxxxxxxx>: > The SecurityFlags handler uses an obsolete simple_strtoul() call, and > doesn't really handle the bounds checking well. Fix it to use > kstrtouint() instead. Clean up the error messages as well and fix a > bogus check for an unsigned int to be less than 0. > > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx> > --- > fs/cifs/cifs_debug.c | 20 ++++++++++++++------ > 1 file changed, 14 insertions(+), 6 deletions(-) > > diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c > index d597483..856f8f5 100644 > --- a/fs/cifs/cifs_debug.c > +++ b/fs/cifs/cifs_debug.c > @@ -598,6 +598,7 @@ static int cifs_security_flags_proc_open(struct inode *inode, struct file *file) > static ssize_t cifs_security_flags_proc_write(struct file *file, > const char __user *buffer, size_t count, loff_t *ppos) > { > + int rc; > unsigned int flags; > char flags_string[12]; > char c; > @@ -620,26 +621,33 @@ static ssize_t cifs_security_flags_proc_write(struct file *file, > global_secflags = CIFSSEC_MAX; > return count; > } else if (!isdigit(c)) { > - cifs_dbg(VFS, "invalid flag %c\n", c); > + cifs_dbg(VFS, "Invalid SecurityFlags: %s\n", > + flags_string); > return -EINVAL; > } > } > - /* else we have a number */ > > - flags = simple_strtoul(flags_string, NULL, 0); > + /* else we have a number */ > + rc = kstrtouint(flags_string, 0, &flags); > + if (rc) { > + cifs_dbg(VFS, "Invalid SecurityFlags: %s\n", > + flags_string); > + return rc; > + } > > cifs_dbg(FYI, "sec flags 0x%x\n", flags); > > - if (flags <= 0) { > - cifs_dbg(VFS, "invalid security flags %s\n", flags_string); > + if (flags == 0) { > + cifs_dbg(VFS, "Invalid SecurityFlags: %s\n", flags_string); > return -EINVAL; > } > > if (flags & ~CIFSSEC_MASK) { > - cifs_dbg(VFS, "attempt to set unsupported security flags 0x%x\n", > + cifs_dbg(VFS, "Unsupported security flags: 0x%x\n", > flags & ~CIFSSEC_MASK); > return -EINVAL; > } > + > /* flags look ok - update the global security flags for cifs module */ > global_secflags = flags; > if (global_secflags & CIFSSEC_MUST_SIGN) { > -- > 1.8.1.4 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-cifs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html Reviewed-by: Pavel Shilovsky <piastry@xxxxxxxxxxx> -- Best regards, Pavel Shilovsky. -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html