Jeff. Would you add my ack, and the cc: for stable and send to Linus? I think this should go in. On Tue, Dec 16, 2008 at 9:04 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote: > While testing a kernel with memory poisoning enabled, I saw some warnings > about the redzone getting clobbered when chasing DFS referrals. The > buffer allocation for the unicode converted version of the searchName is > too small and needs to take null termination into account. > > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx> > --- > fs/cifs/cifssmb.c | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c > index 9395928..824df14 100644 > --- a/fs/cifs/cifssmb.c > +++ b/fs/cifs/cifssmb.c > @@ -3992,7 +3992,8 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr, > > node->flags = le16_to_cpu(pSMBr->DFSFlags); > if (is_unicode) { > - __le16 *tmp = kmalloc(strlen(searchName)*2, GFP_KERNEL); > + __le16 *tmp = kmalloc(strlen(searchName)*2 + 2, > + GFP_KERNEL); > cifsConvertToUCS((__le16 *) tmp, searchName, > PATH_MAX, nls_codepage, remap); > node->path_consumed = hostlen_fromUCS(tmp, > -- > 1.5.5.1 > > -- Thanks, Steve
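Review bot: in the is_unicode branch of parse_DFS_referrals(), the pointer returned by kmalloc() is handed straight to cifsConvertToUCS() with no NULL check in the visible lines, so an allocation failure would be dereferenced by the converter; check tmp first and take the function's error path. The length passed to cifsConvertToUCS() is still PATH_MAX rather than anything derived from the allocation, so the new "+ 2" is only enough as long as the conversion never emits more than one 16-bit unit per input byte plus the terminator. Bounding the conversion by the allocated size, or at least stating that assumption in a comment, would keep the two from drifting apart again. The size would also read more clearly as (strlen(searchName) + 1) * sizeof(__le16) than as "*2 + 2".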