Re: [PATCH 1/1] cifs: potential memory leaks when parsing mnt opts

From: Taesoo Kim
Date: Sat Mar 21 2015 - 23:23:49 EST

Next message: NeilBrown: "Re: [PATCH 2/3] TTY: add support for tty_slave devices."
Previous message: Scott Feldman: "Re: [PATCH] Net: ethernet: rocker: fixed a space coding style issue"
In reply to: Scott Lovenberg: "Re: [PATCH 1/1] cifs: potential memory leaks when parsing mnt opts"
Next in thread: Scott Lovenberg: "Re: [PATCH 1/1] cifs: potential memory leaks when parsing mnt opts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/21/15 at 09:10pm, Scott Lovenberg wrote:
> On Sat, Mar 21, 2015 at 6:08 PM, Taesoo Kim <tsgatesv@xxxxxxxxx> wrote:
>
> > Althouhg mkfs.cifs in userspace performs a bit of sanitization
> > (e.g., forcing one user option), current implementation is not
> > robust. Other options such as iocharset and domainanme are similary
> > vulnerable.
> >
>
> I assume you mean mount.cifs? :-) Anyways, good catch.

Right. FYI, I've tried mangling password field (e.g., pass=a,user=A
&c); Skimming through the code (just a few minutes), there are a few
potential places that don't sanitize its string, unlike passwd. But
don't have much time to play with for now :)

Thanks,
Taesoo

> --
> Peace and Blessings,
> -Scott.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: NeilBrown: "Re: [PATCH 2/3] TTY: add support for tty_slave devices."
Previous message: Scott Feldman: "Re: [PATCH] Net: ethernet: rocker: fixed a space coding style issue"
In reply to: Scott Lovenberg: "Re: [PATCH 1/1] cifs: potential memory leaks when parsing mnt opts"
Next in thread: Scott Lovenberg: "Re: [PATCH 1/1] cifs: potential memory leaks when parsing mnt opts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]