[CIFS] Fix oops in cifs_strfromUCS_le mounting to servers which do not specify their OS

Fixes kernel bug #10451 http://bugzilla.kernel.org/show_bug.cgi?id=10451

Certain NAS appliances do not set the operating system or network operating system
fields in the session setup response on the wire. cifs was oopsing on the unexpected
zero length response fields (when trying to null terminate a zero length field).

This fixes the oops.

Acked-by: Jeff Layton <jlayton@redhat.com>
CC: stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>

+4 -3
+2 -1
fs/cifs/CHANGES
··· 7 7 top of the share. Fix problem in 2.6.28 resolving DFS paths to 8 8 Samba servers (worked to Windows). Fix rmdir so that pending search 9 9 (readdir) requests do not get invalid results which include the now 10 - removed directory. 10 + removed directory. Fix oops in cifs_dfs_ref.c when prefixpath is not reachable 11 + when using DFS. 11 12 12 13 Version 1.55 13 14 ------------
+2 -2
fs/cifs/sess.c
··· 228 228 229 229 kfree(ses->serverOS); 230 230 /* UTF-8 string will not grow more than four times as big as UCS-16 */ 231 - ses->serverOS = kzalloc(4 * len, GFP_KERNEL); 231 + ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL); 232 232 if (ses->serverOS != NULL) 233 233 cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp); 234 234 data += 2 * (len + 1); ··· 241 241 return rc; 242 242 243 243 kfree(ses->serverNOS); 244 - ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */ 244 + ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL); 245 245 if (ses->serverNOS != NULL) { 246 246 cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len, 247 247 nls_cp);
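Review bot: The entry added to fs/cifs/CHANGES describes an oops in cifs_dfs_ref.c when the prefixpath is not reachable under DFS, which is not the fix this commit's subject names (the oops in cifs_strfromUCS_le when the server leaves its OS fields empty). Add a CHANGES line for the zero-length serverOS/serverNOS fix, or carry the DFS entry in the commit that makes that change, so that the changelog matches what is sent to stable.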
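Review bot: In the first fs/cifs/sess.c hunk the reason for the extra two bytes is carried only by the inline `/* trailing null */` inside the kzalloc() argument list, and the existing comment above it still explains only the factor of four. The case that matters is len == 0: a zero-size kzalloc() returns the non-NULL ZERO_SIZE_PTR, so the `ses->serverOS != NULL` test passed and cifs_strfromUCS_le() wrote its terminator into an unusable pointer. State that in the comment above the allocation and drop the inline comment, so the `+ 2` is not later removed as redundant.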
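Review bot: The second fs/cifs/sess.c hunk repeats the `(4 * len) + 2` sizing from the serverOS allocation and deletes the `BB this is wrong length FIXME BB` marker without saying why the new length is the correct one. Put the expression behind a single macro or helper used by both allocations, with a comment giving the bound (up to four output bytes per 16-bit input character, plus the terminator). Also, len is taken from the server's response and no upper bound on it is visible in these lines before it is multiplied; if it is checked earlier in the function, a short comment pointing to that check would help the next reader.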