From: Steve French
Date: Thu, 26 Mar 2009 23:05:15 +0000 (+0000)
Subject: CIFS: Fix memory overwrite when saving nativeFileSystem field during mount
X-Git-Tag: v2.6.29.1~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15bd8021d870d2c4fbf8c16578d72d03cfddd3a7;p=thirdparty%2Fkernel%2Fstable.git

CIFS: Fix memory overwrite when saving nativeFileSystem field during mount

upstream commit: b363b3304bcf68c4541683b2eff70b29f0446a5b

CIFS can allocate a few bytes too little for the nativeFileSystem field
during tree connect response processing during mount. This can result
in a "Redzone overwritten" message to be logged.

Signed-off-by: Sridhar Vinay
Acked-by: Shirish Pargaonkar
CC: Stable
Signed-off-by: Steve French
[chrisw: minor backport to CHANGES file]
Signed-off-by: Chris Wright
--- diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES index 851388fafc730..6562eb0353a34 100644 --- a/fs/cifs/CHANGES +++ b/fs/cifs/CHANGES @@ -7,6 +7,9 @@ are authenticated as guest, as reconnections, invalidating the earlier user's smb session. This fix allows cifs to mount multiple times to the same server with different userids without risking invalidating earlier established security contexts. +Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too +little memory for the "nativeFileSystem" field returned by the server +during mount). Version 1.56 ------------ diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index da0f4ffa06132..4b64f39a85da4 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -3667,7 +3667,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, BCC(smb_buffer_response)) { kfree(tcon->nativeFileSystem); tcon->nativeFileSystem = - kzalloc(length + 2, GFP_KERNEL); + kzalloc(2*(length + 1), GFP_KERNEL); if (tcon->nativeFileSystem) cifs_strfromUCS_le( tcon->nativeFileSystem,
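Review bot: the CHANGES hunk places the bug "in cifs_put_tcon", while the connect.c hunk header shows the allocation being fixed lives in CIFSTCon, and the parenthetical spells it "CIFSTcon". If cifs_put_tcon is named because that is where the slab redzone report fires when the undersized buffer is freed, say so, otherwise name the function whose allocation changed. Suggested wording: "Fix 'redzone overwritten' bug when saving nativeFileSystem in CIFSTCon (too little memory was allocated for the field returned by the server during mount; the overrun is reported from cifs_put_tcon on free)."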
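Review bot: in the connect.c hunk, `kzalloc(2*(length + 1), GFP_KERNEL)` still sizes the destination by a fixed multiplier of `length`, whereas the number of bytes cifs_strfromUCS_le() writes into tcon->nativeFileSystem is whatever the target codepage produces for each UCS-2 character, plus the terminating NUL. Two bytes per character is enough for single-byte codepages and for 2-byte UTF-8 sequences, but a codepage that can emit three or more bytes per character (UTF-8 does for most non-Latin BMP characters; the nls layer's bound is NLS_MAX_CHARSET_SIZE) can still overrun on a server-chosen name, so this fix narrows the window rather than closing it. Suggest allocating from the conversion's worst case (NLS_MAX_CHARSET_SIZE * length + 1), or converting into a bounded temporary first and then allocating the exact converted length, and adding a one-line comment stating that `length` is a count of UCS-2 code units, not bytes, since that unit mismatch is what the old `length + 2` got wrong.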
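The sizing error the patch addresses is a unit mismatch: `length` counts UCS-2 code units, but the buffer receives codepage-converted bytes. The following is an added example, not code from fs/cifs or from the patch above; it assumes the mount's local codepage is UTF-8 (the names `ucs2le_to_utf8_needed`, `bound_before_fix`, `bound_after_fix` and the sample filesystem names are hypothetical and constructed here). It compares the bytes actually needed against the two fixed-multiplier bounds from the hunk and shows the exact-size approach a reviewer would ask for.

```c
/* Added example (not part of the CIFS patch above): sizing the buffer for a
 * UCS-2LE string that is converted into a multibyte codepage (UTF-8 assumed).
 * All names, helpers and sample inputs are hypothetical and constructed for
 * this example; none of them come from fs/cifs. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* UTF-8 bytes one BMP code unit needs. A lone surrogate is emitted as '?',
 * mirroring a failed uni2char() conversion, so it costs one byte. */
static size_t utf8_len_for(uint16_t cp)
{
    if (cp < 0x80) return 1;
    if (cp < 0x800) return 2;
    if (cp >= 0xD800 && cp <= 0xDFFF) return 1;
    return 3;
}

static uint16_t unit_at(const uint8_t *buf, size_t i)
{
    return (uint16_t)(buf[2 * i] | (buf[2 * i + 1] << 8));
}

/* Length in UCS-2 code units of a little-endian buffer, capped at max_units
 * (the role UniStrnlen() plays on the tree connect response). */
size_t ucs2le_strnlen(const uint8_t *buf, size_t max_units)
{
    size_t n = 0;
    while (n < max_units && unit_at(buf, n) != 0)
        n++;
    return n;
}

/* Bytes the converted string needs, including the terminating NUL. */
size_t ucs2le_to_utf8_needed(const uint8_t *buf, size_t units)
{
    size_t need = 1;                       /* NUL */
    for (size_t i = 0; i < units; i++)
        need += utf8_len_for(unit_at(buf, i));
    return need;
}

/* The two fixed-multiplier bounds from the patch, before and after the fix. */
size_t bound_before_fix(size_t units) { return units + 2; }
size_t bound_after_fix(size_t units)  { return 2 * (units + 1); }

/* 1 if a buffer of `bound` bytes holds the converted name, else 0. */
int fits(size_t bound, const uint8_t *buf, size_t max_units)
{
    size_t units = ucs2le_strnlen(buf, max_units);
    return ucs2le_to_utf8_needed(buf, units) <= bound;
}

/* Safe variant: measure the conversion first, then allocate exactly that.
 * Returns a malloc'd NUL-terminated UTF-8 string, or NULL on OOM. */
char *ucs2le_to_utf8(const uint8_t *buf, size_t max_units)
{
    size_t units = ucs2le_strnlen(buf, max_units);
    char *out = malloc(ucs2le_to_utf8_needed(buf, units));
    if (!out) return NULL;
    size_t o = 0;
    for (size_t i = 0; i < units; i++) {
        uint16_t cp = unit_at(buf, i);
        if (cp < 0x80) {
            out[o++] = (char)cp;
        } else if (cp < 0x800) {
            out[o++] = (char)(0xC0 | (cp >> 6));
            out[o++] = (char)(0x80 | (cp & 0x3F));
        } else if (cp >= 0xD800 && cp <= 0xDFFF) {
            out[o++] = '?';
        } else {
            out[o++] = (char)(0xE0 | (cp >> 12));
            out[o++] = (char)(0x80 | ((cp >> 6) & 0x3F));
            out[o++] = (char)(0x80 | (cp & 0x3F));
        }
    }
    out[o] = '\0';
    return out;
}

/* Constructed sample names as a server might return them (UCS-2LE, NUL-terminated). */
const uint8_t NAME_ASCII[]    = { 'N',0, 'T',0, 'F',0, 'S',0, 0,0 };           /* "NTFS" */
const uint8_t NAME_EURO[]     = { 'N',0, 'T',0, 0xAC,0x20, 'S',0, 0,0 };       /* "NT\u20ACS" */
const uint8_t NAME_ALL_EURO[] = { 0xAC,0x20, 0xAC,0x20, 0xAC,0x20, 0xAC,0x20, 0,0 };

int main(void)
{
    const uint8_t *names[] = { NAME_ASCII, NAME_EURO, NAME_ALL_EURO };
    for (size_t k = 0; k < 3; k++) {
        size_t units = ucs2le_strnlen(names[k], 512);
        printf("units=%zu need=%zu before_fix=%s after_fix=%s\n", units,
               ucs2le_to_utf8_needed(names[k], units),
               fits(bound_before_fix(units), names[k], 512) ? "ok" : "OVERRUN",
               fits(bound_after_fix(units), names[k], 512) ? "ok" : "OVERRUN");
    }
    return 0;
}
```

The third sample (four 3-byte characters) needs 13 bytes while the patched bound is 10, which is why the exact-size path measures before it allocates rather than trusting any per-character constant.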