Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b363b330 authored Mar 18, 2009 by Steve French

[CIFS] Fix memory overwrite when saving nativeFileSystem field during mount



CIFS can allocate a few bytes to little for the nativeFileSystem field
during tree connect response processing during mount.  This can result
in a "Redzone overwritten" message to be logged.

Signed-off-by: Sridhar Vinay <vinaysridhar@in.ibm.com>
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
CC: Stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>

parent c6c00919

fs/cifs/CHANGES

+3 −0

Original line number	Diff line number	Diff line
		@@ -13,6 +13,9 @@ parameter to allow user to disable sending the (slow) SMB flush on
		fsync if desired (fsync still flushes all cached write data to the server).
		Posix file open support added (turned off after one attempt if server
		fails to support it properly, as with Samba server versions prior to 3.3.2)
		Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too
		little memory for the "nativeFileSystem" field returned by the server
		during mount).

		Version 1.56
		------------

fs/cifs/connect.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -3674,7 +3674,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
		BCC(smb_buffer_response)) {
		kfree(tcon->nativeFileSystem);
		tcon->nativeFileSystem =
		kzalloc(length + 2, GFP_KERNEL);
		kzalloc(2*(length + 1), GFP_KERNEL);
		if (tcon->nativeFileSystem)
		cifs_strfromUCS_le(
		tcon->nativeFileSystem,