diff mbox series

[SRU,J,1/1] smb: client: set correct id, uid and cruid for multiuser automounts

Message ID 20241112143320.58210-2-massimiliano.pellizzer@canonical.com
State New
Headers show
Series [SRU,J,1/1] smb: client: set correct id, uid and cruid for multiuser automounts | expand

Commit Message

Massimiliano Pellizzer Nov. 12, 2024, 2:33 p.m. UTC
From: Paulo Alcantara <pc@manguebit.com>

commit 4508ec17357094e2075f334948393ddedbb75157 upstream.

When uid, gid and cruid are not specified, we need to dynamically
set them into the filesystem context used for automounting otherwise
they'll end up reusing the values from the parent mount.

Fixes: 9fd29a5bae6e ("cifs: use fs_context for automounts")
Reported-by: Shane Nehring <snehring@iastate.edu>
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2259257
Cc: stable@vger.kernel.org # 6.2+
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(backported from commit c2aa2718cda2d56b4a551cb40043e9abc9684626 linux-6.6.y)
[mpellizzer: backported considering that the function affected by the
bug, in Jammy, is inside the file fs/cifs/cifs_dfs_ref.c, instead of
fs/smb/client/namespace.c]
CVE-2024-26822
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>
---
 fs/cifs/cifs_dfs_ref.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff mbox series

Patch

diff --git a/fs/cifs/cifs_dfs_ref.c b/fs/cifs/cifs_dfs_ref.c
index 020e71fe1454..43fc2d95a4b9 100644
--- a/fs/cifs/cifs_dfs_ref.c
+++ b/fs/cifs/cifs_dfs_ref.c
@@ -258,6 +258,21 @@  char *cifs_compose_mount_options(const char *sb_mountdata,
 	goto compose_mount_options_out;
 }
 
+static void fs_context_set_ids(struct smb3_fs_context *ctx)
+{
+	kuid_t uid = current_fsuid();
+	kgid_t gid = current_fsgid();
+
+	if (ctx->multiuser) {
+		if (!ctx->uid_specified)
+			ctx->linux_uid = uid;
+		if (!ctx->gid_specified)
+			ctx->linux_gid = gid;
+	}
+	if (!ctx->cruid_specified)
+		ctx->cred_uid = uid;
+}
+
 /*
  * Create a vfsmount that we can automount
  */
@@ -308,6 +323,7 @@  static struct vfsmount *cifs_dfs_do_automount(struct path *path)
 	tmp = *cur_ctx;
 	tmp.source = full_path;
 	tmp.UNC = tmp.prepath = NULL;
+	fs_context_set_ids(&tmp);
 
 	rc = smb3_fs_context_dup(ctx, &tmp);
 	if (rc) {