[kernel] r20214 - in dists/wheezy/linux/debian: . patches patches/bugfix/all

Ben Hutchings benh at alioth.debian.org
Sat Jun 8 17:54:12 UTC 2013 

Author: benh
Date: Sat Jun  8 17:54:12 2013
New Revision: 20214

Log:
cifs: fix potential buffer overrun when composing a new options string

Added:
   dists/wheezy/linux/debian/patches/bugfix/all/cifs-fix-potential-buffer-overrun-when-composing-a-new-options.patch
Modified:
   dists/wheezy/linux/debian/changelog
   dists/wheezy/linux/debian/patches/series

Modified: dists/wheezy/linux/debian/changelog
==============================================================================
--- dists/wheezy/linux/debian/changelog	Sat Jun  8 17:37:47 2013	(r20213)
+++ dists/wheezy/linux/debian/changelog	Sat Jun  8 17:54:12 2013	(r20214)
@@ -198,6 +198,7 @@
     >conf.new (Closes: #636029)
   * [i386] udeb: Add viafb to fb-modules (Closes: #705788)
     - viafb: Autoload on OLPC XO 1.5 only
+  * cifs: fix potential buffer overrun when composing a new options string
 
   [ Jonathan Nieder ]
   * ext3,ext4,nfsd: dir_index: Return 64-bit readdir cookies for NFSv3 and 4

Added: dists/wheezy/linux/debian/patches/bugfix/all/cifs-fix-potential-buffer-overrun-when-composing-a-new-options.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/all/cifs-fix-potential-buffer-overrun-when-composing-a-new-options.patch	Sat Jun  8 17:54:12 2013	(r20214)
@@ -0,0 +1,39 @@
+From: Jeff Layton <jlayton at redhat.com>
+Date: Fri, 24 May 2013 07:40:04 -0400
+Subject: cifs: fix potential buffer overrun when composing a new options
+ string
+
+commit 166faf21bd14bc5c5295a44874bf7f3930c30b20 upstream.
+
+Consider the case where we have a very short ip= string in the original
+mount options, and when we chase a referral we end up with a very long
+IPv6 address. Be sure to allow for that possibility when estimating the
+size of the string to allocate.
+
+Signed-off-by: Jeff Layton <jlayton at redhat.com>
+Signed-off-by: Steve French <sfrench at us.ibm.com>
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+ fs/cifs/cifs_dfs_ref.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/cifs_dfs_ref.c
++++ b/fs/cifs/cifs_dfs_ref.c
+@@ -18,6 +18,7 @@
+ #include <linux/slab.h>
+ #include <linux/vfs.h>
+ #include <linux/fs.h>
++#include <linux/inet.h>
+ #include "cifsglob.h"
+ #include "cifsproto.h"
+ #include "cifsfs.h"
+@@ -150,7 +151,8 @@ char *cifs_compose_mount_options(const c
+ 	 * assuming that we have 'unc=' and 'ip=' in
+ 	 * the original sb_mountdata
+ 	 */
+-	md_len = strlen(sb_mountdata) + rc + strlen(ref->node_name) + 12;
++	md_len = strlen(sb_mountdata) + rc + strlen(ref->node_name) + 12 +
++			INET6_ADDRSTRLEN;
+ 	mountdata = kzalloc(md_len+1, GFP_KERNEL);
+ 	if (mountdata == NULL) {
+ 		rc = -ENOMEM;

Modified: dists/wheezy/linux/debian/patches/series
==============================================================================
--- dists/wheezy/linux/debian/patches/series	Sat Jun  8 17:37:47 2013	(r20213)
+++ dists/wheezy/linux/debian/patches/series	Sat Jun  8 17:54:12 2013	(r20214)
@@ -654,3 +654,4 @@
 bugfix/all/udf-Fix-handling-of-i_blocks.patch
 bugfix/all/kbuild-Fix-missing-n-for-NEW-symbols-in-yes-make-old.patch
 bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
+bugfix/all/cifs-fix-potential-buffer-overrun-when-composing-a-new-options.patch

More information about the Kernel-svn-changes mailing list