[patch 12/96] [CIFS] Fix oops in cifs_strfromUCS_le mounting to servers which do not specify their OS

From: Greg KH
Date: Fri Mar 13 2009 - 20:22:42 EST

Next message: Greg KH: "[patch 13/96] JFFS2: fix mount crash caused by removed nodes"
Previous message: Greg KH: "[patch 11/96] aoe: ignore vendor extension AoE responses"
In reply to: Greg KH: "[patch 11/96] aoe: ignore vendor extension AoE responses"
Next in thread: Greg KH: "[patch 13/96] JFFS2: fix mount crash caused by removed nodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2.6.27-stable review patch. If anyone has any objections, please let us know.

------------------

From: Steve French <sfrench@xxxxxxxxxx>

commit 69765529d701c838df19ea1f5ad2f33a528261ae upstream.

Fixes kernel bug #10451 http://bugzilla.kernel.org/show_bug.cgi?id=10451

Certain NAS appliances do not set the operating system or network operating system
fields in the session setup response on the wire. cifs was oopsing on the unexpected
zero length response fields (when trying to null terminate a zero length field).

This fixes the oops.

Acked-by: Jeff Layton <jlayton@xxxxxxxxxx>
Signed-off-by: Steve French <sfrench@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
fs/cifs/CHANGES | 2 ++
fs/cifs/sess.c | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)

--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -1,3 +1,5 @@
+Fix oops in cifs_dfs_ref.c when prefixpath is not reachable when using DFS.
+
Version 1.54
------------
Fix premature write failure on congested networks (we would give up
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -228,7 +228,7 @@ static int decode_unicode_ssetup(char **

kfree(ses->serverOS);
/* UTF-8 string will not grow more than four times as big as UCS-16 */
- ses->serverOS = kzalloc(4 * len, GFP_KERNEL);
+ ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
if (ses->serverOS != NULL)
cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);
data += 2 * (len + 1);
@@ -241,7 +241,7 @@ static int decode_unicode_ssetup(char **
return rc;

kfree(ses->serverNOS);
- ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */
+ ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
if (ses->serverNOS != NULL) {
cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,
nls_cp);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[patch 13/96] JFFS2: fix mount crash caused by removed nodes"
Previous message: Greg KH: "[patch 11/96] aoe: ignore vendor extension AoE responses"
In reply to: Greg KH: "[patch 11/96] aoe: ignore vendor extension AoE responses"
Next in thread: Greg KH: "[patch 13/96] JFFS2: fix mount crash caused by removed nodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]