| field | value | date |
|---|---|---|
| author | Steve French <sfrench@us.ibm.com> | 2009-03-18 01:57:22 -0400 |
| committer | Steve French <sfrench@us.ibm.com> | 2009-03-18 01:57:22 -0400 |
| commit | b363b3304bcf68c4541683b2eff70b29f0446a5b (patch) | |
| tree | da2a563b452cc14f900394f3ad56aa47701c5ea5 /fs | |
| parent | c6c00919ab16717f228aac20ee72dc83c4430537 (diff) | |
[CIFS] Fix memory overwrite when saving nativeFileSystem field during mount
CIFS can allocate a few bytes too little for the nativeFileSystem field
during tree connect response processing during mount. This can result
in a "Redzone overwritten" message being logged.
Signed-off-by: Sridhar Vinay <vinaysridhar@in.ibm.com>
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
CC: Stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
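As an added illustration of the bug the commit message describes (example code written for this page, not code from the CIFS patch or from the kernel): a user-space model of the nativeFileSystem allocation. The server returns the name as UCS-2LE; the client converts it into a freshly allocated buffer in the mount's local charset, which this model fixes as UTF-8, where one 16-bit code unit can take one to three bytes. The helper names, the constructed server strings and the arena-plus-redzone check are this example's own assumptions, not kernel code. It compares the pre-patch `length + 2`, the patched `2*(length + 1)` and a worst-case bound for this model's charset, and it goes beyond the patch's own case by also feeding a name whose characters need three bytes each.

```c
/*
 * Added example, not code from the CIFS patch or the kernel: a user-space
 * model of the nativeFileSystem allocation sized in this commit. Helper
 * names, sample strings and the redzone arena are this example's assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Count UCS-2LE code units before the NUL, up to max (stand-in for UniStrnlen). */
static size_t ucs2le_strnlen(const uint8_t *p, size_t max)
{
    size_t n = 0;
    while (n < max && (p[2 * n] | p[2 * n + 1]) != 0)
        n++;
    return n;
}

/* Encode one 16-bit code unit as UTF-8 (this model's local charset); 1..3 bytes. */
static size_t utf8_encode(uint16_t cp, char *out)
{
    if (cp < 0x80) { out[0] = (char)cp; return 1; }
    if (cp < 0x800) {
        out[0] = (char)(0xC0 | (cp >> 6));
        out[1] = (char)(0x80 | (cp & 0x3F));
        return 2;
    }
    out[0] = (char)(0xE0 | (cp >> 12));
    out[1] = (char)(0x80 | ((cp >> 6) & 0x3F));
    out[2] = (char)(0x80 | (cp & 0x3F));
    return 3;
}

/* Stand-in for cifs_strfromUCS_le: converts len code units into `to`, adds a
 * NUL, and trusts the caller to have sized `to` (no bounds check, as in the bug). */
static size_t strfrom_ucs2le(char *to, const uint8_t *from, size_t len)
{
    size_t out = 0;
    for (size_t i = 0; i < len; i++)
        out += utf8_encode((uint16_t)(from[2 * i] | (from[2 * i + 1] << 8)), to + out);
    to[out] = '\0';
    return out;
}

/* The three sizing formulas compared: pre-patch, patched, and this model's worst case. */
static size_t alloc_before(size_t len) { return len + 2; }
static size_t alloc_after(size_t len)  { return 2 * (len + 1); }
static size_t alloc_bound(size_t len)  { return 3 * len + 1; }

/* Bytes the converted name needs minus bytes the formula allocates (0 if it fits). */
static size_t shortfall(size_t (*formula)(size_t), const uint8_t *name)
{
    char tmp[4];
    size_t len = ucs2le_strnlen(name, 512), need = 1;   /* 1 for the NUL */
    for (size_t i = 0; i < len; i++)
        need += utf8_encode((uint16_t)(name[2 * i] | (name[2 * i + 1] << 8)), tmp);
    return need > formula(len) ? need - formula(len) : 0;
}

#define ARENA   64
#define REDZONE 0xCC

/* Emulates the allocator's redzone check: the first `have` bytes of the arena are the
 * zeroed "allocation", the rest is REDZONE; returns 1 if the conversion wrote past it,
 * 0 if not, -1 if the sample is too large for the arena (keeps the model itself safe). */
static int redzone_clobbered(size_t (*formula)(size_t), const uint8_t *name)
{
    char arena[ARENA];
    size_t len = ucs2le_strnlen(name, 512), have = formula(len);
    if (have > ARENA || 3 * len + 1 > ARENA)
        return -1;
    memset(arena, REDZONE, sizeof arena);
    memset(arena, 0, have);                   /* kzalloc zero-fills its allocation */
    strfrom_ucs2le(arena, name, len);
    for (size_t i = have; i < ARENA; i++)
        if ((unsigned char)arena[i] != REDZONE)
            return 1;
    return 0;
}

/* Constructed UCS-2LE names (not captured from any server). */
static const uint8_t NAME_ASCII[] = { 'N',0, 'T',0, 'F',0, 'S',0, 0,0 };                  /* "NTFS" */
static const uint8_t NAME_LATIN[] = { 'F',0, 'S',0, 0xE9,0, 0xE9,0, 0xE9,0, 0,0 };        /* "FS" + 3x U+00E9 */
static const uint8_t NAME_CJK[]   = { 0x2D,0x4E, 0x87,0x65, 0x87,0x65, 0x87,0x65, 0,0 };  /* U+4E2D + 3x U+6587 */

int main(void)
{
    const struct { const char *what; const uint8_t *name; } cases[] = {
        { "ASCII", NAME_ASCII }, { "Latin-1 accents", NAME_LATIN }, { "CJK", NAME_CJK },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-16s redzone hit? before=%d after=%d bound=%d\n", cases[i].what,
               redzone_clobbered(alloc_before, cases[i].name),
               redzone_clobbered(alloc_after, cases[i].name),
               redzone_clobbered(alloc_bound, cases[i].name));
    return 0;
}
```

The pure-ASCII name fits all three formulas, which is why the bug is easy to miss in testing. The accented name overruns the pre-patch `length + 2` by two bytes and fits `2*(length + 1)`; the three-byte-per-character name still overruns the patched size in this model. That last result is a property of the charset this example assumes, not a claim about which charsets the kernel's conversion is used with; the general point is that the allocation has to be sized from the conversion's maximum output per character, not from the wire length.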
Diffstat (limited to 'fs')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | fs/cifs/CHANGES | 3 |
| -rw-r--r-- | fs/cifs/connect.c | 2 |

2 files changed, 4 insertions, 1 deletion
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES index fc977dfe9593..65984006192c 100644 --- a/fs/cifs/CHANGES +++ b/fs/cifs/CHANGES | |||
@@ -13,6 +13,9 @@ parameter to allow user to disable sending the (slow) SMB flush on | |||
13 | fsync if desired (fsync still flushes all cached write data to the server). | 13 | fsync if desired (fsync still flushes all cached write data to the server). |
14 | Posix file open support added (turned off after one attempt if server | 14 | Posix file open support added (turned off after one attempt if server |
15 | fails to support it properly, as with Samba server versions prior to 3.3.2) | 15 | fails to support it properly, as with Samba server versions prior to 3.3.2) |
16 | Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too | ||
17 | little memory for the "nativeFileSystem" field returned by the server | ||
18 | during mount). | ||
16 | 19 | ||
17 | Version 1.56 | 20 | Version 1.56 |
18 | ------------ | 21 | ------------ |
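Review bot: the new CHANGES entry attributes the fix to cifs_put_tcon, but the only code change in this patch is in CIFSTCon (the kzalloc in fs/cifs/connect.c), and the entry's own parenthetical already says "CIFSTcon may allocate too little memory"; nothing in cifs_put_tcon is touched. Suggest naming the function that is actually fixed and spelling it consistently, e.g. `Fix "redzone overwritten" bug in CIFSTCon (too little memory allocated for the "nativeFileSystem" field returned by the server during mount).`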
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index cd4ccc8ce471..0de3b5615a22 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -3674,7 +3674,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, | |||
3674 | BCC(smb_buffer_response)) { | 3674 | BCC(smb_buffer_response)) { |
3675 | kfree(tcon->nativeFileSystem); | 3675 | kfree(tcon->nativeFileSystem); |
3676 | tcon->nativeFileSystem = | 3676 | tcon->nativeFileSystem = |
3677 | kzalloc(length + 2, GFP_KERNEL); | 3677 | kzalloc(2*(length + 1), GFP_KERNEL); |
3678 | if (tcon->nativeFileSystem) | 3678 | if (tcon->nativeFileSystem) |
3679 | cifs_strfromUCS_le( | 3679 | cifs_strfromUCS_le( |
3680 | tcon->nativeFileSystem, | 3680 | tcon->nativeFileSystem, |
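Review bot: the new size `2*(length + 1)` encodes an assumption the hunk does not state, namely that cifs_strfromUCS_le emits at most two bytes per UCS-2 code unit of the name plus a terminator. Whether that holds depends on the local charset the conversion writes, which is not visible here; if that charset can produce more than two bytes per character (UTF-8 does for most of the BMP), this allocation is still short for such names and the redzone message will come back. Suggest either sizing from the conversion's worst case (maximum bytes per character for the target charset, times length, plus one) or adding a comment above the kzalloc stating why two bytes per character suffices. The comment should also say whether `length`, computed above the hunk and not shown, counts code units or bytes, since `2*(length + 1)` is only meaningful for code units.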