subject:"CVS commit\: \[netbsd\-8\] src\/sys\/netsmb"

CVS commit: [netbsd-8] src/sys/netsmb

2019-05-07 Thread Martin Husemann

Module Name:src
Committed By:   martin
Date:   Tue May  7 18:50:45 UTC 2019

Modified Files:
src/sys/netsmb [netbsd-8]: smb_conn.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1258):

sys/netsmb/smb_conn.c: revision 1.30

Prevent a NULL pointer dereference when the local endpoint is not defined.

>From Andy Nguyen, many thanks.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.29.32.1 src/sys/netsmb/smb_conn.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netsmb/smb_conn.c
diff -u src/sys/netsmb/smb_conn.c:1.29 src/sys/netsmb/smb_conn.c:1.29.32.1
--- src/sys/netsmb/smb_conn.c:1.29	Sun Apr 29 20:27:31 2012
+++ src/sys/netsmb/smb_conn.c	Tue May  7 18:50:45 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: smb_conn.c,v 1.29 2012/04/29 20:27:31 dsl Exp $	*/
+/*	$NetBSD: smb_conn.c,v 1.29.32.1 2019/05/07 18:50:45 martin Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: smb_conn.c,v 1.29 2012/04/29 20:27:31 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: smb_conn.c,v 1.29.32.1 2019/05/07 18:50:45 martin Exp $");
 
 /*
  * Connection engine.
@@ -553,7 +553,8 @@ smb_vc_create(struct smb_vcspec *vcspec,
 	if ((vcp->vc_paddr = dup_sockaddr(vcspec->sap, 1)) == NULL)
 		goto fail;
 
-	if ((vcp->vc_laddr = dup_sockaddr(vcspec->lap, 1)) == NULL)
+	if (vcspec->lap && 
+	(vcp->vc_laddr = dup_sockaddr(vcspec->lap, 1)) == NULL)
 		goto fail;
 
 	if ((vcp->vc_pass = smb_strdup(vcspec->pass)) == NULL)

CVS commit: [netbsd-8] src/sys/netsmb

2019-05-07 Thread Martin Husemann

Module Name:src
Committed By:   martin
Date:   Tue May  7 18:50:45 UTC 2019

Modified Files:
src/sys/netsmb [netbsd-8]: smb_conn.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1258):

sys/netsmb/smb_conn.c: revision 1.30

Prevent a NULL pointer dereference when the local endpoint is not defined.

>From Andy Nguyen, many thanks.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.29.32.1 src/sys/netsmb/smb_conn.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src/sys/netsmb

2017-08-08 Thread Soren Jacobsen

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:27:14 UTC 2017

Modified Files:
src/sys/netsmb [netbsd-8]: smb_dev.c smb_subr.c smb_subr.h smb_usr.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #197):
sys/netsmb/smb_dev.c: revision 1.50
sys/netsmb/smb_subr.c: revision 1.38
sys/netsmb/smb_subr.h: revision 1.22
sys/netsmb/smb_usr.c: revision 1.17-1.19
Reject allocations for too-small buffers from userland.
>From Ilja Van Sprundel.
--
Plug another overflow: refuse bogus sa_len from user.
--
Reject negative ioc_setupcnt.
--
Reject negative offset/count for smb read/write.
Not clear that this is actually a problem for the kernel -- might
overwrite user's buffers or return garbage to user, but that's their
own damn fault.  But it's hard to imagine that negative offset/count
ever makes sense, and I haven't ruled out a problem for the kernel.


To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.49.8.1 src/sys/netsmb/smb_dev.c
cvs rdiff -u -r1.37 -r1.37.12.1 src/sys/netsmb/smb_subr.c
cvs rdiff -u -r1.21 -r1.21.32.1 src/sys/netsmb/smb_subr.h
cvs rdiff -u -r1.16 -r1.16.56.1 src/sys/netsmb/smb_usr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src/sys/netsmb

2017-08-08 Thread Soren Jacobsen

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:27:14 UTC 2017

Modified Files:
src/sys/netsmb [netbsd-8]: smb_dev.c smb_subr.c smb_subr.h smb_usr.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #197):
sys/netsmb/smb_dev.c: revision 1.50
sys/netsmb/smb_subr.c: revision 1.38
sys/netsmb/smb_subr.h: revision 1.22
sys/netsmb/smb_usr.c: revision 1.17-1.19
Reject allocations for too-small buffers from userland.
>From Ilja Van Sprundel.
--
Plug another overflow: refuse bogus sa_len from user.
--
Reject negative ioc_setupcnt.
--
Reject negative offset/count for smb read/write.
Not clear that this is actually a problem for the kernel -- might
overwrite user's buffers or return garbage to user, but that's their
own damn fault.  But it's hard to imagine that negative offset/count
ever makes sense, and I haven't ruled out a problem for the kernel.


To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.49.8.1 src/sys/netsmb/smb_dev.c
cvs rdiff -u -r1.37 -r1.37.12.1 src/sys/netsmb/smb_subr.c
cvs rdiff -u -r1.21 -r1.21.32.1 src/sys/netsmb/smb_subr.h
cvs rdiff -u -r1.16 -r1.16.56.1 src/sys/netsmb/smb_usr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netsmb/smb_dev.c
diff -u src/sys/netsmb/smb_dev.c:1.49 src/sys/netsmb/smb_dev.c:1.49.8.1
--- src/sys/netsmb/smb_dev.c:1.49	Mon Jul 18 21:03:01 2016
+++ src/sys/netsmb/smb_dev.c	Wed Aug  9 05:27:14 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: smb_dev.c,v 1.49 2016/07/18 21:03:01 pgoyette Exp $	*/
+/*	$NetBSD: smb_dev.c,v 1.49.8.1 2017/08/09 05:27:14 snj Exp $	*/
 
 /*
  * Copyright (c) 2000-2001 Boris Popov
@@ -35,7 +35,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: smb_dev.c,v 1.49 2016/07/18 21:03:01 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: smb_dev.c,v 1.49.8.1 2017/08/09 05:27:14 snj Exp $");
 
 #include 
 #include 
@@ -345,6 +345,8 @@ nsmb_dev_ioctl(dev_t dev, u_long cmd, vo
 		struct uio auio;
 		struct iovec iov;
 
+		if (rwrq->ioc_cnt < 0 || rwrq->ioc_offset < 0)
+			return EINVAL;
 		if ((ssp = sdp->sd_share) == NULL)
 			return ENOTCONN;
 		iov.iov_base = rwrq->ioc_base;

Index: src/sys/netsmb/smb_subr.c
diff -u src/sys/netsmb/smb_subr.c:1.37 src/sys/netsmb/smb_subr.c:1.37.12.1
--- src/sys/netsmb/smb_subr.c:1.37	Sat Nov 15 18:52:45 2014
+++ src/sys/netsmb/smb_subr.c	Wed Aug  9 05:27:14 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: smb_subr.c,v 1.37 2014/11/15 18:52:45 nakayama Exp $	*/
+/*	$NetBSD: smb_subr.c,v 1.37.12.1 2017/08/09 05:27:14 snj Exp $	*/
 
 /*
  * Copyright (c) 2000-2001 Boris Popov
@@ -35,7 +35,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: smb_subr.c,v 1.37 2014/11/15 18:52:45 nakayama Exp $");
+__KERNEL_RCSID(0, "$NetBSD: smb_subr.c,v 1.37.12.1 2017/08/09 05:27:14 snj Exp $");
 
 #include 
 #include 
@@ -380,3 +380,32 @@ dup_sockaddr(struct sockaddr *sa, int ca
 		memcpy(sa2, sa, sa->sa_len);
 	return sa2;
 }
+
+int
+dup_sockaddr_copyin(struct sockaddr **ksap, struct sockaddr *usa,
+size_t usalen)
+{
+	struct sockaddr *ksa;
+
+	/* Make sure user provided enough data for a generic sockaddr.  */
+	if (usalen < sizeof(*ksa))
+		return EINVAL;
+
+	/* Don't let the user overfeed us.  */
+	usalen = MIN(usalen, sizeof(struct sockaddr_storage));
+
+	/* Copy the buffer in from userland.  */
+	ksa = smb_memdupin(usa, usalen);
+	if (ksa == NULL)
+		return ENOMEM;
+
+	/* Make sure the user's idea of sa_len is reasonable.  */
+	if (ksa->sa_len > usalen) {
+		smb_memfree(ksa);
+		return EINVAL;
+	}
+
+	/* Success!  */
+	*ksap = ksa;
+	return 0;
+}

Index: src/sys/netsmb/smb_subr.h
diff -u src/sys/netsmb/smb_subr.h:1.21 src/sys/netsmb/smb_subr.h:1.21.32.1
--- src/sys/netsmb/smb_subr.h:1.21	Tue Mar 13 18:41:01 2012
+++ src/sys/netsmb/smb_subr.h	Wed Aug  9 05:27:14 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: smb_subr.h,v 1.21 2012/03/13 18:41:01 elad Exp $	*/
+/*	$NetBSD: smb_subr.h,v 1.21.32.1 2017/08/09 05:27:14 snj Exp $	*/
 
 /*
  * Copyright (c) 2000-2001, Boris Popov
@@ -128,5 +128,6 @@ int  smb_put_asunistring(struct smb_rq *
 #endif
 
 struct sockaddr *dup_sockaddr(struct sockaddr *, int);
+int dup_sockaddr_copyin(struct sockaddr **, struct sockaddr *, size_t);
 
 #endif /* !_NETSMB_SMB_SUBR_H_ */

Index: src/sys/netsmb/smb_usr.c
diff -u src/sys/netsmb/smb_usr.c:1.16 src/sys/netsmb/smb_usr.c:1.16.56.1
--- src/sys/netsmb/smb_usr.c:1.16	Wed Mar 18 16:00:24 2009
+++ src/sys/netsmb/smb_usr.c	Wed Aug  9 05:27:14 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: smb_usr.c,v 1.16 2009/03/18 16:00:24 cegger Exp $	*/
+/*	$NetBSD: smb_usr.c,v 1.16.56.1 2017/08/09 05:27:14 snj Exp $	*/
 
 /*
  * Copyright (c) 2000-2001 Boris Popov
@@ -35,7 +35,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: smb_usr.c,v 1.16 2009/03/18 16:00:24 cegger Exp $");
+__KERNEL_RCSID(0, "$NetBSD: smb_usr.c,v 1.16.56.1 2017/08/09 05:27:14 snj Exp $");
 
 #include 
 #include 
@@ -65,6 +65,7 @@ static int
 smb_usr_vc2spec(struct

CVS commit: [netbsd-8] src/sys/netsmb

CVS commit: [netbsd-8] src/sys/netsmb

CVS commit: [netbsd-8] src/sys/netsmb

CVS commit: [netbsd-8] src/sys/netsmb

4 matches

Site Navigation

Mail list logo

Footer information