[linux-cifs-client] [linux-cifs][patch] prevent memory overwrite by allocating the correct byte size during tree connect

Shirish Pargaonkar shirishpargaonkar at gmail.com
Fri Mar 13 19:19:45 GMT 2009


A patch for a memory overwrite, by Vinay Sridhar (vinaysridhar at in.ibm.com)

I think it looks correct to allocate twice the number of 16-bit characters
returned by UniStrnlen, in bytes.

Mounting a Samba directory which has the following options in smb.conf

[SAMBA1]
        path = /SAMBA1
        guest ok = yes
        only guest = yes
        writeable = yes
        printable = yes

gives the following Call Trace with error no. 2 (No such file or directory)

$ mount.cifs //9.124.111.125/SAMBA1 /SAMBA1 -o username=root
Password:
 CIFS VFS: cifs_read_super: get root inode failed
=============================================================================
BUG kmalloc-8 (Not tainted): Redzone overwritten
-----------------------------------------------------------------------------

INFO: 0xc00000003a13fa08-0xc00000003a13fa0c. First byte 0x80 instead of 0xcc
INFO: Allocated in .CIFSTCon+0x3fc/0x560 [cifs] age=64 cpu=1 pid=2418
INFO: Slab 0xf000000001798198 objects=51 used=33 fp=0xc00000003a13fa50 flags=0x00c3
INFO: Object 0xc00000003a13fa00 @offset=2560 fp=0xc00000003a13fa50

Bytes b4 0xc00000003a13f9f0:  00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ
  Object 0xc00000003a13fa00:  e4 b8 80 e5 90 80 e4 98 ä¸.å..ä.
 Redzone 0xc00000003a13fa08:  80 e5 8c 80 00 cc cc cc .å...ÌÌÌ
 Padding 0xc00000003a13fa48:  5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
Call Trace:
[c000000035a6f490] [c0000000000117d8] .show_stack+0x6c/0x16c (unreliable)
[c000000035a6f540] [c000000000149c18] .print_trailer+0x150/0x178
[c000000035a6f5e0] [c00000000014a424] .check_bytes_and_report+0x104/0x170
[c000000035a6f6a0] [c00000000014a508] .check_object+0x78/0x260
[c000000035a6f740] [c00000000014ca18] .__slab_free+0x298/0x3dc
[c000000035a6f7f0] [c00000000014d608] .kfree+0x134/0x190
[c000000035a6f8a0] [d000000000a73e30] .tconInfoFree+0x60/0xc4 [cifs]
[c000000035a6f930] [d000000000a62b18] .cifs_put_tcon+0x11c/0x148 [cifs]
[c000000035a6f9d0] [d000000000a62b68] .cifs_umount+0x24/0x58 [cifs]
[c000000035a6fa50] [d000000000a51c44] .cifs_get_sb+0x264/0x32c [cifs]
[c000000035a6fb10] [c00000000015c7dc] .vfs_kern_mount+0xd4/0x1b0
[c000000035a6fbc0] [c00000000015c928] .do_kern_mount+0x60/0x138
[c000000035a6fc70] [c000000000179254] .do_mount+0x854/0x8d8
[c000000035a6fd60] [c0000000001a0054] .compat_sys_mount+0x20c/0x28c
[c000000035a6fe30] [c0000000000085f0] syscall_exit+0x0/0x40
FIX kmalloc-8: Restoring 0xc00000003a13fa08-0xc00000003a13fa0c=0xcc

mount error 2 = No such file or directory
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cifs_fix.patch
Type: application/octet-stream
Size: 582 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux-cifs-client/attachments/20090313/387e9c00/cifs_fix.obj
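The sizing problem this message describes, as an added example in C that is not the kernel's CIFS tree-connect code and not the attached cifs_fix.patch: a UCS-2 little-endian string (such as a name returned in an SMB tree connect response) is counted in 16-bit code units, so the byte buffer for its converted form has to be sized from that count, not set equal to it. The helper names (`ucs2le_strnlen`, `utf8_bytes_needed`, `ucs2le_to_utf8`, `convert_with_budget`) and the sample strings are constructed for this example; the sizing goes beyond the ASCII-only name in the crash above by using the worst case of 3 UTF-8 bytes per code unit, and the converter refuses to write rather than overrun an undersized buffer, which is the overrun the kmalloc-8 redzone report shows.

```c
/*
 * Added example, not the kernel's CIFS code and not the attached patch:
 * sizing the destination buffer when a UCS-2 little-endian string (for
 * example a name returned in an SMB tree connect response) is converted
 * to UTF-8. Function names and sample data are constructed for illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Count 16-bit code units before the NUL, capped at max_units
 * (the same job UniStrnlen does in the kernel). */
static size_t ucs2le_strnlen(const uint8_t *s, size_t max_units)
{
    size_t n = 0;
    while (n < max_units && (s[2 * n] | s[2 * n + 1]) != 0)
        n++;
    return n;
}

/* Worst-case destination size: a UCS-2 code unit encodes to at most
 * 3 UTF-8 bytes (surrogate halves are encoded individually here), plus
 * one byte for the terminating NUL. */
static size_t utf8_bytes_needed(size_t n_units)
{
    return 3 * n_units + 1;
}

/* Convert n_units code units into dst (dst_size bytes including NUL).
 * Returns the number of bytes written excluding the NUL, or -1 if the
 * destination is too small; it never writes past dst_size. */
static long ucs2le_to_utf8(const uint8_t *src, size_t n_units,
                           char *dst, size_t dst_size)
{
    size_t out = 0;
    for (size_t i = 0; i < n_units; i++) {
        uint16_t c = (uint16_t)(src[2 * i] | (src[2 * i + 1] << 8));
        size_t need = c < 0x80 ? 1 : (c < 0x800 ? 2 : 3);
        if (out + need + 1 > dst_size)   /* keep room for the NUL */
            return -1;
        if (need == 1) {
            dst[out++] = (char)c;
        } else if (need == 2) {
            dst[out++] = (char)(0xC0 | (c >> 6));
            dst[out++] = (char)(0x80 | (c & 0x3F));
        } else {
            dst[out++] = (char)(0xE0 | (c >> 12));
            dst[out++] = (char)(0x80 | ((c >> 6) & 0x3F));
            dst[out++] = (char)(0x80 | (c & 0x3F));
        }
    }
    dst[out] = '\0';
    return (long)out;
}

/* Constructed samples: "NTFS" in UCS-2LE, and two CJK code units
 * (U+4E00, U+5400) that each need three UTF-8 bytes. */
static const uint8_t SAMPLE_NTFS[] = { 'N', 0, 'T', 0, 'F', 0, 'S', 0, 0, 0 };
static const uint8_t SAMPLE_CJK[]  = { 0x00, 0x4E, 0x00, 0x54, 0, 0 };

/* Try an allocation policy: convert src into a buffer of alloc_bytes.
 * Returns bytes written, or -1 when alloc_bytes was too small. */
static long convert_with_budget(const uint8_t *src, size_t alloc_bytes)
{
    char buf[64];
    size_t n = ucs2le_strnlen(src, 512);
    if (alloc_bytes > sizeof buf)
        alloc_bytes = sizeof buf;
    return ucs2le_to_utf8(src, n, buf, alloc_bytes);
}

/* 1 if SAMPLE_NTFS converts to "NTFS" when the buffer is sized by
 * utf8_bytes_needed(), 0 otherwise. */
static int ntfs_roundtrip_ok(void)
{
    char buf[32];
    size_t n = ucs2le_strnlen(SAMPLE_NTFS, 512);
    return ucs2le_to_utf8(SAMPLE_NTFS, n, buf, utf8_bytes_needed(n)) == 4
        && strcmp(buf, "NTFS") == 0;
}

int main(void)
{
    size_t n = ucs2le_strnlen(SAMPLE_CJK, 512);
    printf("%zu code units: budget n+1=%zu bytes -> %ld written; "
           "worst case %zu bytes -> %ld written\n",
           n, n + 1, convert_with_budget(SAMPLE_CJK, n + 1),
           utf8_bytes_needed(n),
           convert_with_budget(SAMPLE_CJK, utf8_bytes_needed(n)));
    return 0;
}
```

Sizing with a budget of one byte per code unit plus a NUL works for "NTFS" only because every unit is ASCII; the converter's bounds check is what turns an undersized buffer into a clean failure instead of the redzone corruption reported above.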