From mboxrd@z Thu Jan 1 00:00:00 1970
From: Taesoo Kim
Subject: Re: [PATCH 1/1] cifs: potential memory leaks when parsing mnt opts
Date: Sat, 21 Mar 2015 23:23:40 -0400
Message-ID: <20150322032340.GD5170@taesoo.org>
References: <1426979310-31201-1-git-send-email-tsgatesv@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Taesoo Kim, "sfrench-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org", linux-cifs, samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org, LKML, changwoo-/4noJB3qBVQ3uPMLIKxrzw@public.gmane.org, sanidhya-/4noJB3qBVQ3uPMLIKxrzw@public.gmane.org, blee-/4noJB3qBVQ3uPMLIKxrzw@public.gmane.org, csong84-/4noJB3qBVQ3uPMLIKxrzw@public.gmane.org
To: Scott Lovenberg
Return-path:
Content-Disposition: inline
In-Reply-To:
Sender: linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
List-ID:

On 03/21/15 at 09:10pm, Scott Lovenberg wrote:
> On Sat, Mar 21, 2015 at 6:08 PM, Taesoo Kim wrote:
> >
> > Although mkfs.cifs in userspace performs a bit of sanitization
> > (e.g., forcing one user option), current implementation is not
> > robust. Other options such as iocharset and domainname are similarly
> > vulnerable.
> >
>
> I assume you mean mount.cifs? :-) Anyways, good catch.

Right. FYI, I've tried mangling the password field (e.g., pass=a,user=A &c);
skimming through the code (just a few minutes), there are a few potential
places that don't sanitize its string, unlike passwd. But I don't have much
time to play with it for now :)

Thanks,
Taesoo

> --
> Peace and Blessings,
> -Scott.