linux-cifs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Steve French <smfrench@gmail.com>
To: Shyam Prasad N <nspmangalore@gmail.com>
Cc: CIFS <linux-cifs@vger.kernel.org>
Subject: 2 error cases in sid_to_id are ignored
Date: Mon, 21 Jun 2021 15:57:05 -0500	[thread overview]
Message-ID: <CAH2r5mu4uEOP4r-KnF+bZGqPjdRwkaZanD1sE_JHuoK=jB_nnA@mail.gmail.com> (raw)

There are two cases (see below) in sid_to_id where errors occur
mapping the uid but the rc  which is set is overwritten (reset to 0
before return).

        saved_cred = override_creds(root_cred);
        sidkey = request_key(&cifs_idmap_key_type, sidstr, "");
        if (IS_ERR(sidkey)) {
                rc = -EINVAL;
                cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n",
                         __func__, sidstr, sidtype == SIDOWNER ? 'u' : 'g');
                goto out_revert_creds;
        }

        /*
         * FIXME: Here we assume that uid_t and gid_t are same size. It's
         * probably a safe assumption but might be better to check based on
         * sidtype.
         */
        BUILD_BUG_ON(sizeof(uid_t) != sizeof(gid_t));
        if (sidkey->datalen != sizeof(uid_t)) {
                rc = -EIO;
                cifs_dbg(FYI, "%s: Downcall contained malformed key
(datalen=%hu)\n",
                         __func__, sidkey->datalen);
                key_invalidate(sidkey);
                goto out_key_put;
        }



since later in the function we do:



out_key_put:
        key_put(sidkey);
out_revert_creds:
        revert_creds(saved_cred);
        kfree(sidstr);

        /*
         * Note that we return 0 here unconditionally. If the mapping
         * fails then we just fall back to using the ctx->linux_uid/linux_gid.
         */
got_valid_id:
        rc = 0;
        if (sidtype == SIDOWNER)
                fattr->cf_uid = fuid;
        else
                fattr->cf_gid = fgid;
        return rc;
}


Any thoughts on whether it would be better to return the errors, or
continue the current strategy of simply using the default uid/gid for
the mount and returning 0 (and removing the two places above where we
set rc to non zero values, since rc will be overwritten with 0)?


-- 
Thanks,

Steve

             reply	other threads:[~2021-06-21 20:57 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-21 20:57 Steve French [this message]
2021-06-22 10:18 ` Aurélien Aptel
2021-06-22 19:05   ` Steve French
2021-06-22 19:16     ` Steve French

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAH2r5mu4uEOP4r-KnF+bZGqPjdRwkaZanD1sE_JHuoK=jB_nnA@mail.gmail.com' \
    --to=smfrench@gmail.com \
    --cc=linux-cifs@vger.kernel.org \
    --cc=nspmangalore@gmail.com \
    --subject='Re: 2 error cases in sid_to_id are ignored' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).