author: Steve French <sfrench@us.ibm.com> 2009-03-18 01:57:22 -0400
committer: Steve French <sfrench@us.ibm.com> 2009-03-18 01:57:22 -0400
commit: b363b3304bcf68c4541683b2eff70b29f0446a5b (patch)
tree: da2a563b452cc14f900394f3ad56aa47701c5ea5 /fs
parent: c6c00919ab16717f228aac20ee72dc83c4430537 (diff)
[CIFS] Fix memory overwrite when saving nativeFileSystem field during mount
CIFS can allocate a few bytes too little for the nativeFileSystem field during tree connect response processing during mount. This can result in a "Redzone overwritten" message being logged.

Signed-off-by: Sridhar Vinay <vinaysridhar@in.ibm.com>
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
CC: Stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r-- fs/cifs/CHANGES 3
-rw-r--r-- fs/cifs/connect.c 2
2 files changed, 4 insertions, 1 deletions
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index fc977dfe9593..65984006192c 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -13,6 +13,9 @@ parameter to allow user to disable sending the (slow) SMB flush on
13fsync if desired (fsync still flushes all cached write data to the server). 13fsync if desired (fsync still flushes all cached write data to the server).
14Posix file open support added (turned off after one attempt if server 14Posix file open support added (turned off after one attempt if server
15fails to support it properly, as with Samba server versions prior to 3.3.2) 15fails to support it properly, as with Samba server versions prior to 3.3.2)
16Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too
17little memory for the "nativeFileSystem" field returned by the server
18during mount).
16 19
17Version 1.56 20Version 1.56
18------------ 21------------
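Review bot: The new CHANGES entry attributes the "redzone overwritten" bug to cifs_put_tcon, but the accompanying connect.c change sizes the allocation in CIFSTCon; the free in cifs_put_tcon is where the slab debug check reports the overwrite, not where the undersized buffer is created. Suggest rewording to "Fix "redzone overwritten" bug reported at cifs_put_tcon (CIFSTCon allocated too little memory ...)" and matching the function's actual capitalisation, CIFSTCon, so the entry points readers at the right code.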
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index cd4ccc8ce471..0de3b5615a22 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3674,7 +3674,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3674 BCC(smb_buffer_response)) { 3674 BCC(smb_buffer_response)) {
3675 kfree(tcon->nativeFileSystem); 3675 kfree(tcon->nativeFileSystem);
3676 tcon->nativeFileSystem = 3676 tcon->nativeFileSystem =
3677 kzalloc(length + 2, GFP_KERNEL); 3677 kzalloc(2*(length + 1), GFP_KERNEL);
3678 if (tcon->nativeFileSystem) 3678 if (tcon->nativeFileSystem)
3679 cifs_strfromUCS_le( 3679 cifs_strfromUCS_le(
3680 tcon->nativeFileSystem, 3680 tcon->nativeFileSystem,
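Review bot: The size change from `kzalloc(length + 2, GFP_KERNEL)` to `kzalloc(2*(length + 1), GFP_KERNEL)` has no comment explaining the arithmetic, and the hunk does not show how `length` is derived, so a later reader cannot tell whether `length` counts bytes on the wire or UCS-2 code units consumed by cifs_strfromUCS_le. Please add a one-line comment above the kzalloc stating the unit of `length` and why 2*(length + 1) bounds the converted output plus terminator; that is the invariant the old `length + 2` silently violated, and recording it is what keeps the next change to this path from reintroducing the overwrite.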