]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a0cab4f)
CIFS: fix max ea value size
authorMurphy Zhou <jencce.kernel@gmail.com>
Sat, 21 Sep 2019 11:26:00 +0000 (19:26 +0800)
committerBen Hutchings <ben@decadent.org.uk>
Tue, 10 Dec 2019 18:01:26 +0000 (18:01 +0000)
commit 63d37fb4ce5ae7bf1e58f906d1bf25f036fe79b2 upstream.

It should not be larger then the slab max buf size. If user
specifies a larger size, it passes this check and goes
straightly to SMB2_set_info_init performing an insecure memcpy.

Signed-off-by: Murphy Zhou <jencce.kernel@gmail.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
fs/cifs/xattr.c patch | blob | blame | history

diff --git a/fs/cifs/xattr.c b/fs/cifs/xattr.c
index 5ac836a86b1885d4e1766e831a1b56d3a263e277..16dc931ea787ce23ed1fd8536a179f36c1fbc275 100644 (file)
--- a/fs/cifs/xattr.c
+++ b/fs/cifs/xattr.c
@@ -29,7 +29,7 @@
 #include "cifsproto.h"
 #include "cifs_debug.h"
 
-#define MAX_EA_VALUE_SIZE 65535
+#define MAX_EA_VALUE_SIZE CIFSMaxBufSize
 #define CIFS_XATTR_DOS_ATTRIB "user.DosAttrib"
 #define CIFS_XATTR_CIFS_ACL "system.cifs_acl"
 
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git