[linux-cifs-client] [PATCH 2/5] cifs: Increase size of tmp_buf in cifs_readdir to avoid potential overflows

Suresh Jayaraman sjayaraman at suse.de
Wed May 6 11:33:11 GMT 2009


Author: Suresh Jayaraman <sjayaraman at suse.de>
Date:   Mon Apr 20 18:54:36 2009 +0530


    cifs: Increase size of tmp_buf in cifs_readdir to avoid potential overflows
    
    Increase size of tmp_buf to possible maximum to avoid potential
    overflows. Also moved UNICODE_NAME_MAX definition so that it can be used
    elsewhere.
    
    Pointed-out-by: Jeff Layton <jlayton at redhat.com>
    Signed-off-by: Suresh Jayaraman <sjayaraman at suse.de>
    Acked-by: Jeff Layton <jlayton at redhat.com>
    Signed-off-by: Steve French <sfrench at us.ibm.com>

---
 fs/cifs/cifs_unicode.h |    7 +++++++
 fs/cifs/readdir.c      |    2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

Index: linux-2.6.29.2/fs/cifs/readdir.c
===================================================================
--- linux-2.6.29.2.orig/fs/cifs/readdir.c
+++ linux-2.6.29.2/fs/cifs/readdir.c
@@ -1072,7 +1072,7 @@ int cifs_readdir(struct file *file, void
 		with the rare long characters alloc more to account for
 		such multibyte target UTF-8 characters. cifs_unicode.c,
 		which actually does the conversion, has the same limit */
-		tmp_buf = kmalloc((2 * NAME_MAX) + 4, GFP_KERNEL);
+		tmp_buf = kmalloc(UNICODE_NAME_MAX, GFP_KERNEL);
 		for (i = 0; (i < num_to_fill) && (rc == 0); i++) {
 			if (current_entry == NULL) {
 				/* evaluate whether this case is an error */
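Review bot: No NULL check is visible between the changed line, `tmp_buf = kmalloc(UNICODE_NAME_MAX, GFP_KERNEL);`, and the `for` loop that follows it, so a failed allocation would go straight into the loop that fills the buffer. Since this patch already touches the allocation and makes it larger, it would be worth failing with -ENOMEM before the loop is entered. Separately, the context comment above the allocation still says that cifs_unicode.c "has the same limit". Please confirm that this holds for the new size or reword it. Now that the same explanation sits beside the macro in cifs_unicode.h, the copy here could be shortened to a pointer to UNICODE_NAME_MAX.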
Index: linux-2.6.29.2/fs/cifs/cifs_unicode.h
===================================================================
--- linux-2.6.29.2.orig/fs/cifs/cifs_unicode.h
+++ linux-2.6.29.2/fs/cifs/cifs_unicode.h
@@ -64,6 +64,13 @@ int cifs_strtoUCS(__le16 *, const char *
 #endif
 
 /*
+ * To be safe - for UCS to UTF-8 with strings loaded with the rare long
+ * characters alloc more to account for such multibyte target UTF-8
+ * characters.
+ */
+#define UNICODE_NAME_MAX ((4 * NAME_MAX) + 2)
+
+/*
  * UniStrcat:  Concatenate the second string to the first
  *
  * Returns:
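Review bot: The comment added above `#define UNICODE_NAME_MAX ((4 * NAME_MAX) + 2)` does not say what the factor 4 and the `+ 2` account for, or that the result is a buffer size in bytes. The name reads like a character count, so a later caller could easily use it as one. Please spell out the derivation in the comment (what the worst-case expansion per character is assumed to be, and what the two extra bytes are reserved for) so that anyone reusing the macro elsewhere, as the commit message intends, can tell whether it fits their conversion direction. The wording is also a near copy of the comment in readdir.c, so the two can drift apart; keeping the full explanation only here would avoid that.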

