[linux-cifs-client] [RFC/PATCH: 2/2]: CIFS: Add kernel warning if
password length exceeds limit
Suresh Jayaraman
sjayaraman at suse.de
Wed Jan 23 14:46:13 GMT 2008
Add a kernel warning if password length exceeds 16 bytes in case of
"sec=lanman". Also, add password length check as Windows passwords
are limited to 127 bytes.
Signed-off-by: Suresh Jayaraman <sjayaraman at suse.de>
---
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index fd9147c..c6dd91f 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -880,10 +880,11 @@ cifs_parse_mount_options(char *options, const char *devname,
vol->password = NULL;
continue;
}
+ } else if (strnlen(value, 128) >= 128) {
+ printk(KERN_WARNING "CIFS: password too long\n");
+ return 1;
}
temp_len = strlen(value);
- /* removed password length check, NTLM passwords
- can be arbitrarily long */
/* if comma in password, the string will be
prematurely null terminated. Commas in password are
@@ -988,6 +989,11 @@ cifs_parse_mount_options(char *options, const char *devname,
vol->secFlg |= CIFSSEC_MAY_NTLMV2;
#ifdef CONFIG_CIFS_WEAK_PW_HASH
} else if (strnicmp(value, "lanman", 6) == 0) {
+ if (strnlen(vol->password, 17) >= 17) {
+ printk(KERN_WARNING "CIFS: password too"
+ "long for lanman sec mode\n");
+ return 1;
+ }
vol->secFlg |= CIFSSEC_MAY_LANMAN;
#endif
} else if (strnicmp(value, "none", 4) == 0) {
More information about the linux-cifs-client
mailing list