diff options
author | Steve French <sfrench@us.ibm.com> | 2008-04-09 20:55:31 +0000 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2008-04-09 20:55:31 +0000 |
commit | cce246ee5f3c7f4d3539ea41d13feb7a07859145 (patch) | |
tree | 693fe2aa45f3772fba1416cb45ce8b278fd6a06e | |
parent | 35028d71116926008f5c19b8fcb00aacaabf5eab (diff) | |
download | op-kernel-dev-cce246ee5f3c7f4d3539ea41d13feb7a07859145.zip op-kernel-dev-cce246ee5f3c7f4d3539ea41d13feb7a07859145.tar.gz |
[CIFS] Fix acl length when very short ACL being modified by chmod
Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/cifsacl.c | 14 | ||||
-rw-r--r-- | fs/cifs/cifsacl.h | 1 |
2 files changed, 9 insertions, 6 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 1cb5b0a..e99d4fa 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c @@ -516,7 +516,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len, /* Convert permission bits from mode to equivalent CIFS ACL */ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd, - int acl_len, struct inode *inode, __u64 nmode) + struct inode *inode, __u64 nmode) { int rc = 0; __u32 dacloffset; @@ -692,14 +692,14 @@ void acl_to_uid_mode(struct inode *inode, const char *path, const __u16 *pfid) int mode_to_acl(struct inode *inode, const char *path, __u64 nmode) { int rc = 0; - __u32 acllen = 0; + __u32 secdesclen = 0; struct cifs_ntsd *pntsd = NULL; /* acl obtained from server */ struct cifs_ntsd *pnntsd = NULL; /* modified acl to be sent to server */ cFYI(DBG2, ("set ACL from mode for %s", path)); /* Get the security descriptor */ - pntsd = get_cifs_acl(&acllen, inode, path, NULL); + pntsd = get_cifs_acl(&secdesclen, inode, path, NULL); /* Add three ACEs for owner, group, everyone getting rid of other ACEs as chmod disables ACEs and set the security descriptor */ @@ -709,20 +709,22 @@ int mode_to_acl(struct inode *inode, const char *path, __u64 nmode) set security descriptor request security descriptor parameters, and secuirty descriptor itself */ - pnntsd = kmalloc(acllen, GFP_KERNEL); + secdesclen = secdesclen < DEFSECDESCLEN ? + DEFSECDESCLEN : secdesclen; + pnntsd = kmalloc(secdesclen, GFP_KERNEL); if (!pnntsd) { cERROR(1, ("Unable to allocate security descriptor")); kfree(pntsd); return (-ENOMEM); } - rc = build_sec_desc(pntsd, pnntsd, acllen, inode, nmode); + rc = build_sec_desc(pntsd, pnntsd, inode, nmode); cFYI(DBG2, ("build_sec_desc rc: %d", rc)); if (!rc) { /* Set the security descriptor */ - rc = set_cifs_acl(pnntsd, acllen, inode, path); + rc = set_cifs_acl(pnntsd, secdesclen, inode, path); cFYI(DBG2, ("set_cifs_acl rc: %d", rc)); } diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h index 93a7c34..6c8096c 100644 --- a/fs/cifs/cifsacl.h +++ b/fs/cifs/cifsacl.h @@ -27,6 +27,7 @@ #define NUM_SUBAUTHS 5 /* number of sub authority fields */ #define NUM_WK_SIDS 7 /* number of well known sids */ #define SIDNAMELENGTH 20 /* long enough for the ones we care about */ +#define DEFSECDESCLEN 192 /* sec desc len contaiting a dacl with three aces */ #define READ_BIT 0x4 #define WRITE_BIT 0x2 |