[PATCH 3.16 44/72] CIFS: fix max ea value size

From: Ben Hutchings
Date: Sun Dec 08 2019 - 08:57:07 EST

Next message: Ben Hutchings: "[PATCH 3.16 33/72] configfs: fix a deadlock in configfs_symlink()"
Previous message: Ben Hutchings: "[PATCH 3.16 45/72] fuse: fix missing unlock_page in fuse_writepage()"
In reply to: Ben Hutchings: "[PATCH 3.16 45/72] fuse: fix missing unlock_page in fuse_writepage()"
Next in thread: Ben Hutchings: "[PATCH 3.16 33/72] configfs: fix a deadlock in configfs_symlink()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.16.79-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Murphy Zhou <jencce.kernel@xxxxxxxxx>

commit 63d37fb4ce5ae7bf1e58f906d1bf25f036fe79b2 upstream.

It should not be larger then the slab max buf size. If user
specifies a larger size, it passes this check and goes
straightly to SMB2_set_info_init performing an insecure memcpy.

Signed-off-by: Murphy Zhou <jencce.kernel@xxxxxxxxx>
Reviewed-by: Aurelien Aptel <aaptel@xxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
fs/cifs/xattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/cifs/xattr.c
+++ b/fs/cifs/xattr.c
@@ -29,7 +29,7 @@
#include "cifsproto.h"
#include "cifs_debug.h"

-#define MAX_EA_VALUE_SIZE 65535
+#define MAX_EA_VALUE_SIZE CIFSMaxBufSize
#define CIFS_XATTR_DOS_ATTRIB "user.DosAttrib"
#define CIFS_XATTR_CIFS_ACL "system.cifs_acl"

Next message: Ben Hutchings: "[PATCH 3.16 33/72] configfs: fix a deadlock in configfs_symlink()"
Previous message: Ben Hutchings: "[PATCH 3.16 45/72] fuse: fix missing unlock_page in fuse_writepage()"
In reply to: Ben Hutchings: "[PATCH 3.16 45/72] fuse: fix missing unlock_page in fuse_writepage()"
Next in thread: Ben Hutchings: "[PATCH 3.16 33/72] configfs: fix a deadlock in configfs_symlink()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]