Re: [PATCH] cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Stefano Brivio <sbrivio@xxxxxxxxxx> writes:
> I think it does: for SMB2_SET_INFO we'll allocate with cifs_buf_get(),
> which does:
>
> 	ret_buf = mempool_alloc(cifs_req_poolp, GFP_NOFS);
>
> and release with cifs_buf_release():
>
> 	mempool_free(buf_to_free, cifs_req_poolp);
>
> am I missing something?

I was just reading the diff and assumed it was all in the same function
nevermind, you're right.

Fix is correct but I don't like having packet specific code in the init
function.

We could also raise the small buf mempool slab size to take into account
the SETINFO with ACL so that it fits in a small buf.

It would be interesting to know the max size of a SETINFO for ACL for
that.

Meanwhile this is good enough as far as I'm concerned (if anyone has
other ideas feel free to comment).

Reviewed-by: Aurelien Aptel <aaptel@xxxxxxxx>

Cheers,
-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux