merged into cifs-2.6.git for-3.10 (and also in for-3.11 tree) (also updated for 3.11 and equivalently for-next with another patch "cifs: remove the cifs_ses->flags field" and continuing to work through your large auth update patch series)

On Fri, May 31, 2013 at 9:00 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> commit 839db3d10a (cifs: fix up handling of prefixpath= option) changed
> the code such that the vol->prepath no longer contained a leading
> delimiter and then fixed up the places that accessed that field to
> account for that change.
>
> One spot in build_unc_path_to_root was missed however. When doing the
> pointer addition on pos, that patch failed to account for the fact that
> we had already incremented "pos" by one when adding the length of the
> prepath. This caused a buffer overrun by one byte.
>
> This patch fixes the problem by correcting the handling of "pos".
>
> Cc: <stable@xxxxxxxxxxxxxxx> # v3.8+
> Reported-by: Marcus Moeller <marcus.moeller@xxxxxx>
> Reported-by: Ken Fallon <ken.fallon@xxxxxxxxx>
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> --- > fs/cifs/connect.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c > index 5b97e56..e3bc39b 100644 > --- a/fs/cifs/connect.c > +++ b/fs/cifs/connect.c > @@ -3279,8 +3279,8 @@ build_unc_path_to_root(const struct smb_vol *vol, > pos = full_path + unc_len; > > if (pplen) { > - *pos++ = CIFS_DIR_SEP(cifs_sb); > - strncpy(pos, vol->prepath, pplen); > + *pos = CIFS_DIR_SEP(cifs_sb); > + strncpy(pos + 1, vol->prepath, pplen); > pos += pplen; > } > > -- > 1.8.1.4 >

--
Thanks,

Steve
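
Review bot: in the "if (pplen)" block, "strncpy(pos + 1, vol->prepath, pplen)" still uses pplen as the copy bound even though the destination now starts one byte past the separator. As the commit message describes it, the length added for the prepath already includes that one-byte step, so the prefix itself needs at most pplen - 1 bytes and the copy can write the byte at pos + pplen. Whether that byte is inside the buffer depends on how full_path was sized, which this hunk does not show. Bounding the copy to pplen - 1, or adding a one-line comment that pplen counts the separator, would let a reader verify the arithmetic from this block alone and make a repeat of the same off-by-one less likely.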