From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Mon, 24 Apr 2006 20:57:05 +0000 (-0700)
Subject: 2.6.16.11 release
X-Git-Tag: v2.6.16.11^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=da3327035435c337fe5c0a4ebb9a574700b84092;p=thirdparty%2Fkernel%2Fstable-queue.git

2.6.16.11 release
---

diff --git a/releases/2.6.16.11/CIFS-Don-t-allow-a-backslash-in-a-path-component.patch b/releases/2.6.16.11/CIFS-Don-t-allow-a-backslash-in-a-path-component.patch
new file mode 100644
index 00000000000..8c58739a095
--- /dev/null
+++ b/releases/2.6.16.11/CIFS-Don-t-allow-a-backslash-in-a-path-component.patch
@@ -0,0 +1,40 @@
+From nobody Mon Sep 17 00:00:00 2001
+From: Steve French <sfrench@us.ibm.com>
+Date: Fri Apr 21 18:18:37 2006 +0000
+Subject: [PATCH] [CIFS] Don't allow a backslash in a path component (CVE-2006-1863)
+
+Unless Posix paths have been negotiated, the backslash, "\", is not a valid
+character in a path component.
+
+Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
+Signed-off-by: Steve French  <sfrench@us.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+
+ fs/cifs/dir.c |   14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+--- linux-2.6.16.10.orig/fs/cifs/dir.c
++++ linux-2.6.16.10/fs/cifs/dir.c
+@@ -441,6 +441,20 @@ cifs_lookup(struct inode *parent_dir_ino
+ 	cifs_sb = CIFS_SB(parent_dir_inode->i_sb);
+ 	pTcon = cifs_sb->tcon;
+ 
++	/*
++	 * Don't allow the separator character in a path component.
++	 * The VFS will not allow "/", but "\" is allowed by posix.
++	 */
++	if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS)) {
++		int i;
++		for (i = 0; i < direntry->d_name.len; i++)
++			if (direntry->d_name.name[i] == '\\') {
++				cFYI(1, ("Invalid file name"));
++				FreeXid(xid);
++				return ERR_PTR(-EINVAL);
++			}
++	}
++
+ 	/* can not grab the rename sem here since it would
+ 	deadlock in the cases (beginning of sys_rename itself)
+ 	in which we already have the sb rename sem */
diff --git a/releases/2.6.16.11/series b/releases/2.6.16.11/series
new file mode 100644
index 00000000000..378083dce37
--- /dev/null
+++ b/releases/2.6.16.11/series
@@ -0,0 +1 @@
+CIFS-Don-t-allow-a-backslash-in-a-path-component.patch