3.2.77-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Vasily Averin <vvs@xxxxxxxxxxxxx> commit 01b9b0b28626db4a47d7f48744d70abca9914ef1 upstream. In some cases tmp_bug can be not filled in cifs_filldir and stay uninitialized, therefore its printk with "%s" modifier can leak content of kernelspace memory. If old content of this buffer does not contain '\0' access bejond end of allocated object can crash the host. Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx> Signed-off-by: Steve French <sfrench@localhost.localdomain> [bwh: Backported to 3.2: adjust context] Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> --- fs/cifs/readdir.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/cifs/readdir.c +++ b/fs/cifs/readdir.c @@ -823,6 +823,7 @@ int cifs_readdir(struct file *file, void } /* if buggy server returns . and .. late do we want to check for that here? */ + *tmp_buf = 0; rc = cifs_filldir(current_entry, file, filldir, direntry, tmp_buf, max_len); if (rc == -EOVERFLOW) { -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html