On Sat, Sep 7, 2013 at 10:52 PM, Ben Hutchings <ben@xxxxxxxxxxxxxxx> wrote: > > 3.2.51-rc1 review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Chen Gang <gang.chen@xxxxxxxxxxx> > > commit 057d6332b24a4497c55a761c83c823eed9e3f23b upstream. > > For cifs_set_cifscreds() in "fs/cifs/connect.c", 'desc' buffer length > is 'CIFSCREDS_DESC_SIZE' (56 is less than 256), and 'ses->domainName' > length may be "255 + '\0'". > > The related sprintf() may cause memory overflow, so need extend related > buffer enough to hold all things. > > It is also necessary to be sure of 'ses->domainName' must be less than > 256, and define the related macro instead of hard code number '256'. > > Signed-off-by: Chen Gang <gang.chen@xxxxxxxxxxx> > Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx> > Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> > Reviewed-by: Scott Lovenberg <scott.lovenberg@xxxxxxxxx> > Signed-off-by: Steve French <smfrench@xxxxxxxxx> > [bwh: Backported to 3.2: > - Adjust context in sess.c > - Drop inapplicable changes to connect.c] > Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Looks good to me. -- Peace and Blessings, -Scott. -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html