On 03/21/15 at 09:10pm, Scott Lovenberg wrote: > On Sat, Mar 21, 2015 at 6:08 PM, Taesoo Kim <tsgatesv@xxxxxxxxx> wrote: > > > Althouhg mkfs.cifs in userspace performs a bit of sanitization > > (e.g., forcing one user option), current implementation is not > > robust. Other options such as iocharset and domainanme are similary > > vulnerable. > > > > I assume you mean mount.cifs? :-) Anyways, good catch. Right. FYI, I've tried mangling password field (e.g., pass=a,user=A &c); Skimming through the code (just a few minutes), there are a few potential places that don't sanitize its string, unlike passwd. But don't have much time to play with for now :) Thanks, Taesoo > -- > Peace and Blessings, > -Scott. -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
