[CIFS] Fix memory overwrite when saving nativeFileSystem field during mount
author: Steve French <sfrench@us.ibm.com>
Wed, 18 Mar 2009 05:57:22 +0000 (05:57 +0000)
committer: Steve French <sfrench@us.ibm.com>
Wed, 18 Mar 2009 05:57:22 +0000 (05:57 +0000)
CIFS can allocate a few bytes too little for the nativeFileSystem field
during tree connect response processing during mount.  This can result
in a "Redzone overwritten" message being logged.

Signed-off-by: Sridhar Vinay <vinaysridhar@in.ibm.com>
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
CC: Stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
fs/cifs/CHANGES
fs/cifs/connect.c

index fc977dfe95932b5130b900fb26f1f2170c8ab8c5..65984006192c8b7938acd9d5c7a53b0fc58c9c3e 100644 (file)
@@ -13,6 +13,9 @@ parameter to allow user to disable sending the (slow) SMB flush on
 fsync if desired (fsync still flushes all cached write data to the server).
 Posix file open support added (turned off after one attempt if server
 fails to support it properly, as with Samba server versions prior to 3.3.2)
+Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too
+little memory for the "nativeFileSystem" field returned by the server
+during mount). 
 
 Version 1.56
 ------------
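Review bot: the new CHANGES entry names cifs_put_tcon as the location of the bug, but the code change in this series is in CIFSTCon (the allocation site in connect.c), and the function is spelled "CIFSTcon" here versus "CIFSTCon" in the code; word the entry so it is clear which function allocates the undersized buffer and which one reports the redzone message, e.g. "CIFSTCon may allocate too little memory for the nativeFileSystem field; the overwrite is reported when the tcon is freed". Also drop the trailing whitespace after "during mount)." on the last added line, which checkpatch-style tooling will flag.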
index cd4ccc8ce4711aa5bedbf4f79670bde9f3a88d0f..0de3b5615a227ff06573b37ad829b13d3e60a1ed 100644 (file)
@@ -3674,7 +3674,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
                            BCC(smb_buffer_response)) {
                                kfree(tcon->nativeFileSystem);
                                tcon->nativeFileSystem =
-                                   kzalloc(length + 2, GFP_KERNEL);
+                                   kzalloc(2*(length + 1), GFP_KERNEL);
                                if (tcon->nativeFileSystem)
                                        cifs_strfromUCS_le(
                                                tcon->nativeFileSystem,
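Review bot: the replacement size `2*(length + 1)` bakes in an unstated assumption (at most two output bytes per input UCS-2 unit, plus a two-byte terminator) while the old `length + 2` assumed one; neither the hunk nor the surrounding context says what `length` counts or why the factor is 2, so add a short comment above the kzalloc (or a named constant for the per-character expansion) so the next reader does not shrink it back. Before merging, confirm that the converter that fills this buffer, the `cifs_strfromUCS_le` call visible just below, cannot emit more than two bytes per input unit for any configurable codepage; if it can, this change only moves the overwrite rather than removing it, and the allocation should be sized from the converter's maximum expansion instead of a literal.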