[kernel] r17879 - in dists/lenny/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Tue Aug 2 05:47:10 UTC 2011


Author: dannf
Date: Tue Aug  2 05:47:09 2011
New Revision: 17879

Log:
cifs: fix an oops that can occur when accessing filenames containing
accented characters from a Windows ME server (Closes: #524438)

Added:
   dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-check-that-last-search-entry-resume-key-is-valid.patch
   dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-fix-saving-of-resume-key-before-CIFSFindNext.patch
Modified:
   dists/lenny/linux-2.6/debian/changelog
   dists/lenny/linux-2.6/debian/patches/series/27

Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog	Sun Jul 31 17:19:18 2011	(r17878)
+++ dists/lenny/linux-2.6/debian/changelog	Tue Aug  2 05:47:09 2011	(r17879)
@@ -31,6 +31,8 @@
     - [x86] Flush TLB if PGD entry is changed in i386 PAE mode
     - ext3: skip orphan cleanup on rocompat fs
     - cciss: fix lost command issue
+  * cifs: fix an oops that can occur when accessing filenames containing
+    accented characters from a Windows ME server (Closes: #524438)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Mon, 29 Nov 2010 02:01:24 +0000
 

Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-check-that-last-search-entry-resume-key-is-valid.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-check-that-last-search-entry-resume-key-is-valid.patch	Tue Aug  2 05:47:09 2011	(r17879)
@@ -0,0 +1,72 @@
+commit b77d753c413e02559669df66e543869dad40c847
+Author: Steve French <sfrench at us.ibm.com>
+Date:   Wed Oct 8 19:13:46 2008 +0000
+
+    [CIFS] Check that last search entry resume key is valid
+    
+    Jeff's recent patch to add a last_entry field in the search structure
+    to better construct resume keys did not validate that the server
+    sent us a plausible pointer to the last entry.  This adds that.
+    
+    Signed-off-by: Steve French <sfrench at us.ibm.com>
+
+diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
+index 7b00a16..6f4ffe1 100644
+--- a/fs/cifs/cifssmb.c
++++ b/fs/cifs/cifssmb.c
+@@ -3614,6 +3614,8 @@ findFirstRetry:
+ 		/* BB remember to free buffer if error BB */
+ 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
+ 		if (rc == 0) {
++			unsigned int lnoff;
++
+ 			if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE)
+ 				psrch_inf->unicode = true;
+ 			else
+@@ -3636,8 +3638,17 @@ findFirstRetry:
+ 					le16_to_cpu(parms->SearchCount);
+ 			psrch_inf->index_of_last_entry = 2 /* skip . and .. */ +
+ 				psrch_inf->entries_in_buffer;
++			lnoff = le16_to_cpu(parms->LastNameOffset);
++			if (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE <
++			      lnoff) {
++				cERROR(1, ("ignoring corrupt resume name"));
++				psrch_inf->last_entry = NULL;
++				return rc;
++			}
++
+ 			psrch_inf->last_entry = psrch_inf->srch_entries_start +
+-					le16_to_cpu(parms->LastNameOffset);
++							lnoff;
++
+ 			*pnetfid = parms->SearchHandle;
+ 		} else {
+ 			cifs_buf_release(pSMB);
+@@ -3727,6 +3738,8 @@ int CIFSFindNext(const int xid, struct cifsTconInfo *tcon,
+ 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
+ 
+ 		if (rc == 0) {
++			unsigned int lnoff;
++
+ 			/* BB fixme add lock for file (srch_info) struct here */
+ 			if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE)
+ 				psrch_inf->unicode = true;
+@@ -3753,8 +3766,16 @@ int CIFSFindNext(const int xid, struct cifsTconInfo *tcon,
+ 						le16_to_cpu(parms->SearchCount);
+ 			psrch_inf->index_of_last_entry +=
+ 				psrch_inf->entries_in_buffer;
+-			psrch_inf->last_entry = psrch_inf->srch_entries_start +
+-					le16_to_cpu(parms->LastNameOffset);
++			lnoff = le16_to_cpu(parms->LastNameOffset);
++			if (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE <
++			      lnoff) {
++				cERROR(1, ("ignoring corrupt resume name"));
++				psrch_inf->last_entry = NULL;
++				return rc;
++			} else
++				psrch_inf->last_entry =
++					psrch_inf->srch_entries_start + lnoff;
++
+ /*  cFYI(1,("fnxt2 entries in buf %d index_of_last %d",
+ 	    psrch_inf->entries_in_buffer, psrch_inf->index_of_last_entry)); */
+ 
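Review bot: The new bound on `lnoff` in both the FindFirst and CIFSFindNext hunks looks looser than the pointer it guards. `lnoff` is compared with `maxBuf - MAX_CIFS_HDR_SIZE`, but is then added to `psrch_inf->srch_entries_start`, which presumably already points some way into the response buffer, so an offset that passes the test may still land past the data actually received. A tighter test would compare `srch_entries_start + lnoff` with the end of the received response, a value not visible in these hunks. Separately, the rejection branch does `return rc;` while `rc` is 0, and in the FindFirst hunk this happens before `*pnetfid = parms->SearchHandle;`, so the caller is told the search succeeded without receiving a search handle; dropping the `return rc;` and putting the `last_entry` assignment in an `else` would avoid that. Both function bodies start and end outside the hunks shown.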

Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-fix-saving-of-resume-key-before-CIFSFindNext.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-fix-saving-of-resume-key-before-CIFSFindNext.patch	Tue Aug  2 05:47:09 2011	(r17879)
@@ -0,0 +1,39 @@
+commit a364bc0b37f14ffd66c1f982af42990a9d77fa43
+Author: Jeff Layton <sfrench at us.ibm.com>
+Date:   Tue Oct 21 14:42:13 2008 +0000
+
+    [CIFS] fix saving of resume key before CIFSFindNext
+    
+    We recently fixed the cifs readdir code so that it saves the resume key
+    before calling CIFSFindNext. Unfortunately, this assumes that we have
+    just done a CIFSFindFirst (or FindNext) and have resume info to save.
+    This isn't necessarily the case. Fix the code to save resume info if we
+    had to reinitiate the search, and after a FindNext.
+    
+    This fixes connectathon basic test6 against NetApp filers.
+    
+    Signed-off-by: Jeff Layton <jlayton at redhat.com>
+    CC: Stable <stable at kernel.org>
+    Signed-off-by: Steve French <sfrench at us.ibm.com>
+
+diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
+index 765adf1..58d5729 100644
+--- a/fs/cifs/readdir.c
++++ b/fs/cifs/readdir.c
+@@ -762,14 +762,15 @@ static int find_cifs_entry(const int xid, struct cifsTconInfo *pTcon,
+ 				 rc));
+ 			return rc;
+ 		}
++		cifs_save_resume_key(cifsFile->srch_inf.last_entry, cifsFile);
+ 	}
+ 
+ 	while ((index_to_find >= cifsFile->srch_inf.index_of_last_entry) &&
+ 	      (rc == 0) && !cifsFile->srch_inf.endOfSearch) {
+ 		cFYI(1, ("calling findnext2"));
+-		cifs_save_resume_key(cifsFile->srch_inf.last_entry, cifsFile);
+ 		rc = CIFSFindNext(xid, pTcon, cifsFile->netfid,
+ 				  &cifsFile->srch_inf);
++		cifs_save_resume_key(cifsFile->srch_inf.last_entry, cifsFile);
+ 		if (rc)
+ 			return -ENOENT;
+ 	}
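Review bot: In the FindNext loop, `cifs_save_resume_key()` now runs before `rc` is tested, so it is also called after a failed CIFSFindNext, and its return value is discarded in both added calls. With the companion patch in this revision, `srch_inf.last_entry` can be NULL on a successful return (corrupt LastNameOffset), so these calls rely on cifs_save_resume_key tolerating a NULL entry; its body is not visible here and that should be confirmed. If it does reject NULL, the previously saved resume key is silently kept and the loop continues with it. I would test `rc` first and add a comment such as `/* last_entry may be NULL if the server sent a bad LastNameOffset */` at both call sites. find_cifs_entry starts and ends outside the hunk.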

Modified: dists/lenny/linux-2.6/debian/patches/series/27
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/27	Sun Jul 31 17:19:18 2011	(r17878)
+++ dists/lenny/linux-2.6/debian/patches/series/27	Tue Aug  2 05:47:09 2011	(r17879)
@@ -21,3 +21,5 @@
 + bugfix/x86/flush-tlb-if-pgd-entry-is-changed-in-pae-mode.patch
 + bugfix/all/ext3-skip-orphan-cleanup-on-rocompat-fs.patch
 + bugfix/all/cciss-fix-lost-command-issue.patch
++ bugfix/all/cifs-check-that-last-search-entry-resume-key-is-valid.patch
++ bugfix/all/cifs-fix-saving-of-resume-key-before-CIFSFindNext.patch


