Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b363b330 authored by Steve French's avatar Steve French
Browse files

[CIFS] Fix memory overwrite when saving nativeFileSystem field during mount



CIFS can allocate a few bytes to little for the nativeFileSystem field
during tree connect response processing during mount.  This can result
in a "Redzone overwritten" message to be logged.

Signed-off-by: default avatarSridhar Vinay <vinaysridhar@in.ibm.com>
Acked-by: default avatarShirish Pargaonkar <shirishp@us.ibm.com>
CC: Stable <stable@kernel.org>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent c6c00919
Loading
Loading
Loading
Loading
+3 −0
Original line number Diff line number Diff line
@@ -13,6 +13,9 @@ parameter to allow user to disable sending the (slow) SMB flush on
fsync if desired (fsync still flushes all cached write data to the server).
Posix file open support added (turned off after one attempt if server
fails to support it properly, as with Samba server versions prior to 3.3.2)
Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too
little memory for the "nativeFileSystem" field returned by the server
during mount). 

Version 1.56
------------
+1 −1
Original line number Diff line number Diff line
@@ -3674,7 +3674,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
			    BCC(smb_buffer_response)) {
				kfree(tcon->nativeFileSystem);
				tcon->nativeFileSystem =
				    kzalloc(length + 2, GFP_KERNEL);
				    kzalloc(2*(length + 1), GFP_KERNEL);
				if (tcon->nativeFileSystem)
					cifs_strfromUCS_le(
						tcon->nativeFileSystem,