[kernel] r20214 - in dists/wheezy/linux/debian: . patches patches/bugfix/all
Ben Hutchings
benh at alioth.debian.org
Sat Jun 8 17:54:12 UTC 2013
Author: benh
Date: Sat Jun 8 17:54:12 2013
New Revision: 20214
Log:
cifs: fix potential buffer overrun when composing a new options string
Added:
dists/wheezy/linux/debian/patches/bugfix/all/cifs-fix-potential-buffer-overrun-when-composing-a-new-options.patch
Modified:
dists/wheezy/linux/debian/changelog
dists/wheezy/linux/debian/patches/series
Modified: dists/wheezy/linux/debian/changelog
==============================================================================
--- dists/wheezy/linux/debian/changelog Sat Jun 8 17:37:47 2013 (r20213)
+++ dists/wheezy/linux/debian/changelog Sat Jun 8 17:54:12 2013 (r20214)
@@ -198,6 +198,7 @@
>conf.new (Closes: #636029)
* [i386] udeb: Add viafb to fb-modules (Closes: #705788)
- viafb: Autoload on OLPC XO 1.5 only
+ * cifs: fix potential buffer overrun when composing a new options string
[ Jonathan Nieder ]
* ext3,ext4,nfsd: dir_index: Return 64-bit readdir cookies for NFSv3 and 4
Added: dists/wheezy/linux/debian/patches/bugfix/all/cifs-fix-potential-buffer-overrun-when-composing-a-new-options.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/all/cifs-fix-potential-buffer-overrun-when-composing-a-new-options.patch Sat Jun 8 17:54:12 2013 (r20214)
@@ -0,0 +1,39 @@
+From: Jeff Layton <jlayton at redhat.com>
+Date: Fri, 24 May 2013 07:40:04 -0400
+Subject: cifs: fix potential buffer overrun when composing a new options
+ string
+
+commit 166faf21bd14bc5c5295a44874bf7f3930c30b20 upstream.
+
+Consider the case where we have a very short ip= string in the original
+mount options, and when we chase a referral we end up with a very long
+IPv6 address. Be sure to allow for that possibility when estimating the
+size of the string to allocate.
+
+Signed-off-by: Jeff Layton <jlayton at redhat.com>
+Signed-off-by: Steve French <sfrench at us.ibm.com>
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+ fs/cifs/cifs_dfs_ref.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/cifs_dfs_ref.c
++++ b/fs/cifs/cifs_dfs_ref.c
+@@ -18,6 +18,7 @@
+ #include <linux/slab.h>
+ #include <linux/vfs.h>
+ #include <linux/fs.h>
++#include <linux/inet.h>
+ #include "cifsglob.h"
+ #include "cifsproto.h"
+ #include "cifsfs.h"
+@@ -150,7 +151,8 @@ char *cifs_compose_mount_options(const c
+ * assuming that we have 'unc=' and 'ip=' in
+ * the original sb_mountdata
+ */
+- md_len = strlen(sb_mountdata) + rc + strlen(ref->node_name) + 12;
++ md_len = strlen(sb_mountdata) + rc + strlen(ref->node_name) + 12 +
++ INET6_ADDRSTRLEN;
+ mountdata = kzalloc(md_len+1, GFP_KERNEL);
+ if (mountdata == NULL) {
+ rc = -ENOMEM;
Modified: dists/wheezy/linux/debian/patches/series
==============================================================================
--- dists/wheezy/linux/debian/patches/series Sat Jun 8 17:37:47 2013 (r20213)
+++ dists/wheezy/linux/debian/patches/series Sat Jun 8 17:54:12 2013 (r20214)
@@ -654,3 +654,4 @@
bugfix/all/udf-Fix-handling-of-i_blocks.patch
bugfix/all/kbuild-Fix-missing-n-for-NEW-symbols-in-yes-make-old.patch
bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
+bugfix/all/cifs-fix-potential-buffer-overrun-when-composing-a-new-options.patch
More information about the Kernel-svn-changes
mailing list