From: Yiqi Sun sunyiqixm@gmail.com
[ Upstream commit ed6612165b74f09db00ef0abaf9831895ab28b7f ]
Since the maximum return value of strnlen(..., CIFS_MAX_USERNAME_LEN) is CIFS_MAX_USERNAME_LEN, the length check in smb3_fs_context_parse_param() is always FALSE and invalid.
Fix the comparison in the if statement.
Signed-off-by: Yiqi Sun sunyiqixm@gmail.com
Signed-off-by: Steve French stfrench@microsoft.com
Signed-off-by: Sasha Levin sashal@kernel.org
---
LLM Generated explanations, may be completely bogus:
## CONCLUSION
This commit fixes a **5-year-old logic error** in SMB/CIFS username validation that has existed since the mount API refactoring in v5.11 (December 2020). The bug is a classic off-by-one comparison error where `strnlen(..., 256) > 256` is always false because strnlen returns at most 256.
**The bug causes:**
- **Validation bypass** allowing usernames longer than 256 characters
- **Memory waste** through unnecessary kernel allocations
- **Authentication failures** with confusing error messages when truncated usernames are sent to servers
- **Protocol non-compliance** with SMB username length limits

**The fix is trivial:**
- Changes one character: `>` becomes `==`
- Brings username validation in line with domain name validation (same file, line 1509)
- Zero risk of regression (only makes validation stricter)

**Evidence supporting backport:**
- **Already backported** to 7+ stable trees (6.12.y, 6.11.y, 6.6.y, 6.1.y, 5.15.y, 5.10.y, 5.4.y)
- **Obviously correct** - single-character fix that matches the pattern used elsewhere
- **Small and contained** - one line in one file
- **Fixes real user issues** - authentication failures with long usernames
- **Long-standing bug** - affects all kernels from v5.11 to present
This is a **textbook example** of an appropriate stable kernel backport: small, surgical, obviously correct, fixes a real bug, and carries no regression risk.
**YES**
 fs/smb/client/fs_context.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c index 072383899e817..8470ecd6f8924 100644 --- a/fs/smb/client/fs_context.c +++ b/fs/smb/client/fs_context.c @@ -1470,7 +1470,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, break; }
- if (strnlen(param->string, CIFS_MAX_USERNAME_LEN) > + if (strnlen(param->string, CIFS_MAX_USERNAME_LEN) == CIFS_MAX_USERNAME_LEN) { pr_warn("username too long\n"); goto cifs_parse_mount_err;
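Review bot: The new `== CIFS_MAX_USERNAME_LEN` comparison in the username branch of smb3_fs_context_parse_param() also rejects a username of exactly CIFS_MAX_USERNAME_LEN bytes, because strnlen() bounded at that value cannot tell an exact-length string from a longer one. The commit message does not say whether the limit is meant to be inclusive. If an exact-length username should still be accepted, bound the call at `CIFS_MAX_USERNAME_LEN + 1` and keep the `>` comparison; if not, please state in the commit message or in a comment above the check that the longest accepted username is CIFS_MAX_USERNAME_LEN - 1 bytes. As a smaller point, `pr_warn("username too long\n")` could include the limit so that a user hitting the boundary can see which length was enforced.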