On Tue, Sep 07, 2021 at 06:04:03PM +0900, Sergey Senozhatsky wrote:
> On (21/09/07 11:54), Dan Carpenter wrote:
> > On Tue, Sep 07, 2021 at 05:06:04PM +0900, Sergey Senozhatsky wrote:
> > > On (21/09/07 10:34), Dan Carpenter wrote:
> > > >
> > > > id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]);
> > > > - if (id >= 0) {
> > > > - /*
> > > > - * Translate raw sid into kuid in the server's user
> > > > - * namespace.
> > > > - */
> > > > - uid = make_kuid(&init_user_ns, id);
> > > > -
> > > > - /* If this is an idmapped mount, apply the idmapping. */
> > > > - uid = kuid_from_mnt(user_ns, uid);
> > > > - if (uid_valid(uid)) {
> > > > - fattr->cf_uid = uid;
> > > > - rc = 0;
> > > > - }
> > > > + /*
> > > > + * Translate raw sid into kuid in the server's user
> > > > + * namespace.
> > > > + */
> > > > + uid = make_kuid(&init_user_ns, id);
> > > >
> > > Can make_kuid() return INVALID_UID? IOW, uid_valid(uid) here as well?
> >
> > No need to check twice. We're going to check at the end.
> >
> > >
> > > > +
> > > > + /* If this is an idmapped mount, apply the idmapping. */
> > > > + uid = kuid_from_mnt(user_ns, uid);
> > > > + if (uid_valid(uid)) {
> > ^^^^^^^^^^^^^^
> > The check here is sufficient.
>
> My point was more that a potentially invalid UID is passed to kuid_from_mnt()
> and kgid_from_mnt(). I don't see map_id_up(), for example, checking that
> passed UID is valid. So decided to double check.

But you've seen it now, right? The kuid_from_mnt() will return
INVALID_UID if you pass it any unknown uid (including INVALID_UID).

regards,
dan carpenter
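
Review bot: in the added lines the result of make_kuid() goes straight into kuid_from_mnt() with no uid_valid() test in between, so the single remaining `if (uid_valid(uid)) {` is correct only if kuid_from_mnt() hands back an invalid uid whenever it is given one. The reply above states that it does, but nothing in the hunk records that reliance; a short comment above the final check saying it covers both the make_kuid() and the kuid_from_mnt() result would keep a later change to either helper from silently dropping the validation.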