[linux-cifs-client] Re: [PATCH] cifs: fix buffer overrun in
parse_DFS_referrals
Jeff Layton
jlayton at redhat.com
Wed Dec 17 15:49:53 GMT 2008
On Wed, 17 Dec 2008 13:40:56 -0200
"Renato S. Yamane" <yamane at diamondcut.com.br> wrote:
> Jeff Layton wrote:
> > ---
> > fs/cifs/cifssmb.c | 3 ++-
> > 1 files changed, 2 insertions(+), 1 deletions(-)
> >
> > diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
> > index 9395928..824df14 100644
> > --- a/fs/cifs/cifssmb.c
> > +++ b/fs/cifs/cifssmb.c
> > @@ -3992,7 +3992,8 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
> >
> > node->flags = le16_to_cpu(pSMBr->DFSFlags);
> > if (is_unicode) {
> > - __le16 *tmp = kmalloc(strlen(searchName)*2, GFP_KERNEL);
> > + __le16 *tmp = kmalloc(strlen(searchName)*2 + 2,
> > + GFP_KERNEL);
> > cifsConvertToUCS((__le16 *) tmp, searchName,
> > PATH_MAX, nls_codepage, remap);
> > node->path_consumed = hostlen_fromUCS(tmp,
>
> This patch can't be applied in -stable release:
>
> yamane at mandachuva:~/kernel/linux-2.6.27.9$ patch -p1 < cifs.patch
> patching file fs/cifs/cifssmb.c
> patch unexpectedly ends in middle of line
> Hunk #1 FAILED at 3992.
> 1 out of 1 hunk FAILED -- saving rejects to file fs/cifs/cifssmb.c.rej
>
My apologies. The patch that introduced this problem isn't in stable
releases. You can drop this patch from stable queue. Sorry for false alarm.
It would be good for 2.6.28 kernels though since it's a regression and
possible memory corruptor.
Thanks,
--
Jeff Layton <jlayton at redhat.com>
More information about the linux-cifs-client
mailing list