diff options
author | Steve French <sfrench@us.ibm.com> | 2009-03-26 23:05:15 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-05-02 10:23:35 -0700 |
commit | 080be8b26ef33af424efb9a64c95cd7766cdc114 (patch) | |
tree | 0496770eaa7a98b7e6fb93d513a2a5d4f21e51ae /fs | |
parent | b35d63e5d76dae5b1c5f796a78df6e8fc2b76850 (diff) | |
download | lwn-080be8b26ef33af424efb9a64c95cd7766cdc114.tar.gz lwn-080be8b26ef33af424efb9a64c95cd7766cdc114.zip |
CIFS: Fix memory overwrite when saving nativeFileSystem field during mount
upstream commit: b363b3304bcf68c4541683b2eff70b29f0446a5b
CIFS can allocate a few bytes to little for the nativeFileSystem field
during tree connect response processing during mount. This can result
in a "Redzone overwritten" message to be logged.
Signed-off-by: Sridhar Vinay <vinaysridhar@in.ibm.com>
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
CC: Stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
[chrisw: minor backport to CHANGES file]
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/CHANGES | 3 | ||||
-rw-r--r-- | fs/cifs/connect.c | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES index 088e9ae5c58d..455257e71e00 100644 --- a/fs/cifs/CHANGES +++ b/fs/cifs/CHANGES @@ -1,4 +1,7 @@ Fix oops in cifs_dfs_ref.c when prefixpath is not reachable when using DFS. +Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too +little memory for the "nativeFileSystem" field returned by the server +during mount). Version 1.54 ------------ diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index f254235814a8..21a1abfbb447 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -3549,7 +3549,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, BCC(smb_buffer_response)) { kfree(tcon->nativeFileSystem); tcon->nativeFileSystem = - kzalloc(length + 2, GFP_KERNEL); + kzalloc(2*(length + 1), GFP_KERNEL); if (tcon->nativeFileSystem) cifs_strfromUCS_le( tcon->nativeFileSystem, |