[CIFS] Fix memory overwrite when saving nativeFileSystem field during mount

From: Linux Kernel Mailing List
Date: Thursday, March 26, 2009 - 4:59 pm

Gitweb:     http://git.kernel.org/linus/b363b3304bcf68c4541683b2eff70b29f0446a5b
Commit:     b363b3304bcf68c4541683b2eff70b29f0446a5b
Parent:     c6c00919ab16717f228aac20ee72dc83c4430537
Author:     Steve French <sfrench@us.ibm.com>
AuthorDate: Wed Mar 18 05:57:22 2009 +0000
Committer:  Steve French <sfrench@us.ibm.com>
CommitDate: Wed Mar 18 05:57:22 2009 +0000

    [CIFS] Fix memory overwrite when saving nativeFileSystem field during mount
    
    CIFS can allocate a few bytes too little for the nativeFileSystem field
    during tree connect response processing during mount.  This can result
    in a "Redzone overwritten" message being logged.
    
    Signed-off-by: Sridhar Vinay <vinaysridhar@in.ibm.com>
    Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
    CC: Stable <stable@kernel.org>
    Signed-off-by: Steve French <sfrench@us.ibm.com>
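An added illustration of the sizing problem the message describes (example code, not part of the patch or of fs/cifs): the server returns nativeFileSystem as UCS-2 LE, and the bytes needed after conversion to the mount's codepage depend on that codepage, not just on the unit count. It assumes UTF-8 as the target codepage and uses constructed sample strings; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* UCS-2 LE code units before the first NUL unit, at most maxchars
 * (the role `length` plays in the hunk's kzalloc call). */
size_t ucs2le_strnlen(const uint8_t *buf, size_t maxchars)
{
	size_t n;

	for (n = 0; n < maxchars; n++)
		if (buf[2 * n] == 0 && buf[2 * n + 1] == 0)
			break;
	return n;
}

/* UTF-8 bytes for one BMP code unit (UTF-8 is the assumed target codepage). */
static size_t utf8_len_of(uint16_t cu)
{
	return cu < 0x80 ? 1 : (cu < 0x800 ? 2 : 3);
}

/* Exact bytes, NUL included, that converting the string to UTF-8 writes. */
size_t ucs2le_to_utf8_bufsize(const uint8_t *buf, size_t maxchars)
{
	size_t n = ucs2le_strnlen(buf, maxchars), i, bytes = 1;

	for (i = 0; i < n; i++)
		bytes += utf8_len_of((uint16_t)(buf[2 * i] | (buf[2 * i + 1] << 8)));
	return bytes;
}

/* Bound that never needs to scan the string: 3 bytes per unit plus NUL. */
size_t utf8_worst_case_bufsize(size_t length)
{
	return 3 * length + 1;
}

/* 1 if converting into an allocation of `alloc` bytes would overrun it. */
int would_overrun(const uint8_t *buf, size_t maxchars, size_t alloc)
{
	return ucs2le_to_utf8_bufsize(buf, maxchars) > alloc;
}

/* Constructed samples: "NTFS"; three U+00E9 (2 UTF-8 bytes each);
 * three U+4E2D (3 UTF-8 bytes each). All UCS-2 LE, NUL terminated. */
const uint8_t SAMPLE_NTFS[] = { 'N', 0, 'T', 0, 'F', 0, 'S', 0, 0, 0 };
const uint8_t SAMPLE_ACCENTED[] = { 0xE9, 0, 0xE9, 0, 0xE9, 0, 0, 0 };
const uint8_t SAMPLE_CJK[] = { 0x2D, 0x4E, 0x2D, 0x4E, 0x2D, 0x4E, 0, 0 };
```

With these inputs the old `length + 2` holds "NTFS" but not the accented name, and the patch's `2 * (length + 1)` holds the accented name but not the three-byte CJK one, which only the per-codepage worst case covers.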
---
 fs/cifs/CHANGES   |    3 +++
 fs/cifs/connect.c |    2 +-
 2 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index fc977df..6598400 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -13,6 +13,9 @@ parameter to allow user to disable sending the (slow) SMB flush on
 fsync if desired (fsync still flushes all cached write data to the server).
 Posix file open support added (turned off after one attempt if server
 fails to support it properly, as with Samba server versions prior to 3.3.2)
+Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too
+little memory for the "nativeFileSystem" field returned by the server
+during mount). 
 
 Version 1.56
 ------------
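Review bot: the new CHANGES entry names cifs_put_tcon although the only code change in this patch is the kzalloc size in CIFSTCon, and the "during mount)." line carries trailing whitespace. Saying that the undersized allocation is made in CIFSTCon (presumably cifs_put_tcon is only where the redzone overwrite gets reported on free) would let readers match the entry to the diff, e.g. `Fix "redzone overwritten" bug: CIFSTCon allocated too little memory for the "nativeFileSystem" field returned by the server during mount.`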
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index cd4ccc8..0de3b56 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3674,7 +3674,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
 			    BCC(smb_buffer_response)) {
 				kfree(tcon->nativeFileSystem);
 				tcon->nativeFileSystem =
-				    kzalloc(length + 2, GFP_KERNEL);
+				    kzalloc(2*(length + 1), GFP_KERNEL);
 				if (tcon->nativeFileSystem)
 					cifs_strfromUCS_le(
 						tcon->nativeFileSystem,
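Review bot: `2*(length + 1)` needs a comment deriving why it is an upper bound on what cifs_strfromUCS_le writes into the buffer. The buffer receives `length` UCS-2 units converted to the mount's nls codepage plus a terminator, and a multibyte codepage can expand one unit to more than two bytes, so doubling reads as enough for the common case rather than a derived bound; if the conversion routine bounds its own output, say so here, otherwise size the allocation from the converted length or the codepage's worst-case per-character factor. Kernel style also wants spaces around the binary operator: `kzalloc(2 * (length + 1), GFP_KERNEL);`.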