diff options
-rw-r--r-- | fs/cifs/cifsacl.c | 6 | ||||
-rw-r--r-- | fs/cifs/cifsacl.h | 19 |
2 files changed, 19 insertions, 6 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 141a944c9dfd..dd8d3df74298 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c @@ -280,7 +280,7 @@ cifs_copy_sid(struct cifs_sid *dst, const struct cifs_sid *src) int i; dst->revision = src->revision; - dst->num_subauth = min_t(u8, src->num_subauth, NUM_SUBAUTHS); + dst->num_subauth = min_t(u8, src->num_subauth, SID_MAX_SUB_AUTHORITIES); for (i = 0; i < NUM_AUTHS; ++i) dst->authority[i] = src->authority[i]; for (i = 0; i < dst->num_subauth; ++i) @@ -383,7 +383,7 @@ id_to_sid(unsigned long cid, uint sidtype, struct cifs_sid *ssid) if (!npsidid) return -ENOMEM; - npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL); + npsidid->sidstr = kmalloc(SID_STRING_MAX, GFP_KERNEL); if (!npsidid->sidstr) { kfree(npsidid); return -ENOMEM; @@ -500,7 +500,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid, if (!npsidid) return -ENOMEM; - npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL); + npsidid->sidstr = kmalloc(SID_STRING_MAX, GFP_KERNEL); if (!npsidid->sidstr) { kfree(npsidid); return -ENOMEM; diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h index 7e52f19f996f..8b980cd445c0 100644 --- a/fs/cifs/cifsacl.h +++ b/fs/cifs/cifsacl.h @@ -24,7 +24,7 @@ #define NUM_AUTHS 6 /* number of authority fields */ -#define NUM_SUBAUTHS 5 /* number of sub authority fields */ +#define SID_MAX_SUB_AUTHORITIES (15) /* max number of sub authority fields */ #define NUM_WK_SIDS 7 /* number of well known sids */ #define SIDNAMELENGTH 20 /* long enough for the ones we care about */ #define DEFSECDESCLEN 192 /* sec desc len contaiting a dacl with three aces */ @@ -41,7 +41,20 @@ #define SIDOWNER 1 #define SIDGROUP 2 -#define SIDLEN 150 /* S- 1 revision- 6 authorities- max 5 sub authorities */ + +/* + * Maximum size of a string representation of a SID: + * + * The fields are unsigned values in decimal. So: + * + * u8: max 3 bytes in decimal + * u32: max 10 bytes in decimal + * + * "S-" + 3 bytes for version field + 4 bytes for each authority field (3 bytes + * per number + 1 for '-') + 11 bytes for each subauthority field (10 bytes + * per number + 1 for '-') + NULL terminator. + */ +#define SID_STRING_MAX (195) #define SID_ID_MAPPED 0 #define SID_ID_PENDING 1 @@ -61,7 +74,7 @@ struct cifs_sid { __u8 revision; /* revision level */ __u8 num_subauth; __u8 authority[NUM_AUTHS]; - __le32 sub_auth[NUM_SUBAUTHS]; /* sub_auth[num_subauth] */ + __le32 sub_auth[SID_MAX_SUB_AUTHORITIES]; /* sub_auth[num_subauth] */ } __attribute__((packed)); /* size of a struct cifs_sid, sans sub_auth array */ |