2009-03-31 23:21:18

by Chris Wright

Subject: [patch 22/45] CIFS: Fix memory overwrite when saving nativeFileSystem field during mount

-stable review patch. If anyone has any objections, please let us know.
---------------------

From: Steve French <[email protected]>

upstream commit: b363b3304bcf68c4541683b2eff70b29f0446a5b

CIFS can allocate a few bytes too little for the nativeFileSystem field
during tree connect response processing during mount. This can result
in a "Redzone overwritten" message being logged.

Signed-off-by: Sridhar Vinay <[email protected]>
Acked-by: Shirish Pargaonkar <[email protected]>
CC: Stable <[email protected]>
Signed-off-by: Steve French <[email protected]>
[chrisw: minor backport to CHANGES file]
Signed-off-by: Chris Wright <[email protected]>
---
fs/cifs/CHANGES | 3 +++
fs/cifs/connect.c | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)

--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -7,6 +7,9 @@ are authenticated as guest, as reconnect
user's smb session. This fix allows cifs to mount multiple times to the
same server with different userids without risking invalidating earlier
established security contexts.
+Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too
+little memory for the "nativeFileSystem" field returned by the server
+during mount).

Version 1.56
------------
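Review bot: the new CHANGES entry places the bug in cifs_put_tcon, but the code change in this patch is to the allocation in CIFSTCon (the only hunk below is in CIFSTCon); cifs_put_tcon is merely where the kfree() of nativeFileSystem makes the slab debug code notice the overwritten redzone. Suggest wording it so the cause and the symptom are not conflated, e.g. 'Fix "redzone overwritten" warning (reported at free time in cifs_put_tcon) caused by CIFSTCon allocating too little memory for the "nativeFileSystem" field returned by the server during mount.'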
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3667,7 +3667,7 @@ CIFSTCon(unsigned int xid, struct cifsSe
BCC(smb_buffer_response)) {
kfree(tcon->nativeFileSystem);
tcon->nativeFileSystem =
- kzalloc(length + 2, GFP_KERNEL);
+ kzalloc(2*(length + 1), GFP_KERNEL);
if (tcon->nativeFileSystem)
cifs_strfromUCS_le(
tcon->nativeFileSystem,
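Review bot: the new size 2*(length + 1) replaces one fixed guess with another. The doubling indicates that length is a count of UCS-2 code units, and the allocation then assumes that cifs_strfromUCS_le() emits at most two bytes of local-charset output per code unit; that holds for single-byte and double-byte code pages but not for a multibyte one such as utf8, where a BMP character can become three bytes, so a long enough non-ASCII share name can still overrun the buffer. Either derive the allocation from the actual converted length (convert into a bounded scratch buffer first, then copy), or size it as length * NLS_MAX_CHARSET_SIZE + 1, and state the per-character bound in a comment next to the kzalloc() so the next reader does not have to reconstruct it. The NULL check after kzalloc() is fine: nativeFileSystem is informational and the mount can continue without it.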
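The sizing problem behind this patch, as an added user-space example that is not part of the patch or of the CIFS code: the server returns the file system name as UCS-2LE, the client counts 16-bit units, allocates a buffer from that count, and then converts into the local character set, whose output width per character is not fixed. The example uses a small UTF-8 encoder as a stand-in for the kernel's NLS uni2char() (an assumption, since the real conversion depends on the mounted code page), compares the old length + 2 and the new 2 * (length + 1) allocations against what the converted string actually needs, and shows the size-then-allocate approach that removes the guess. All input names are constructed; the function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Stand-in for UniStrnlen(): number of UCS-2LE code units before the NUL, capped. */
size_t ucs2le_strnlen(const uint8_t *p, size_t max_units)
{
    size_t n = 0;
    while (n < max_units && (p[2 * n] | p[2 * n + 1]) != 0)
        n++;
    return n;
}

/* Stand-in for an NLS uni2char(): one BMP code point to UTF-8, 1..3 bytes.
 * Assumption: surrogate pairs are not combined; each unit is encoded on its own. */
static int utf8_encode(uint16_t cp, uint8_t *out)
{
    if (cp < 0x80) { out[0] = (uint8_t)cp; return 1; }
    if (cp < 0x800) {
        out[0] = 0xC0 | (cp >> 6); out[1] = 0x80 | (cp & 0x3F); return 2;
    }
    out[0] = 0xE0 | (cp >> 12); out[1] = 0x80 | ((cp >> 6) & 0x3F);
    out[2] = 0x80 | (cp & 0x3F); return 3;
}

/* Bytes needed, NUL included, to hold the converted form of `units` code units. */
size_t utf8_bytes_needed(const uint8_t *p, size_t units)
{
    size_t total = 0;
    uint8_t tmp[3];
    for (size_t i = 0; i < units; i++)
        total += utf8_encode((uint16_t)(p[2 * i] | (p[2 * i + 1] << 8)), tmp);
    return total + 1;
}

/* The two allocation formulas from the patch, expressed in code units. */
size_t old_alloc_size(size_t units) { return units + 2; }        /* before the patch */
size_t new_alloc_size(size_t units) { return 2 * (units + 1); }  /* after the patch  */

/* Bounded conversion: bytes written excluding NUL, or -1 if `cap` would be exceeded
 * (the kernel's cifs_strfromUCS_le() has no such cap, which is why the redzone is hit). */
int ucs2le_to_utf8(char *dst, size_t cap, const uint8_t *src, size_t units)
{
    size_t out = 0;
    uint8_t tmp[3];
    for (size_t i = 0; i < units; i++) {
        int n = utf8_encode((uint16_t)(src[2 * i] | (src[2 * i + 1] << 8)), tmp);
        if (out + (size_t)n + 1 > cap)
            return -1;
        memcpy(dst + out, tmp, (size_t)n);
        out += (size_t)n;
    }
    dst[out] = '\0';
    return (int)out;
}

/* Try converting into a buffer of exactly `cap` bytes; returns the conversion result. */
int try_convert(size_t cap, const uint8_t *src, size_t units)
{
    char *buf = malloc(cap);
    if (!buf) return -1;
    int r = ucs2le_to_utf8(buf, cap, src, units);
    free(buf);
    return r;
}

/* Size-then-allocate: measure the converted length first, so no per-character guess is needed. */
char *dup_ucs2le_as_utf8(const uint8_t *src, size_t max_units)
{
    size_t units = ucs2le_strnlen(src, max_units);
    size_t need = utf8_bytes_needed(src, units);
    char *s = malloc(need);
    if (!s) return NULL;
    if (ucs2le_to_utf8(s, need, src, units) < 0) { free(s); return NULL; }
    return s;
}

/* Constructed sample names in UCS-2LE, NUL-terminated. */
const uint8_t NAME_NTFS[]   = { 'N',0, 'T',0, 'F',0, 'S',0, 0,0 };             /* "NTFS"  */
const uint8_t NAME_EACUTE[] = { 0xE9,0, 0xE9,0, 0xE9,0, 0xE9,0, 0,0 };         /* "éééé", 2 bytes each in UTF-8 */
const uint8_t NAME_EURO[]   = { 0xAC,0x20, 0xAC,0x20, 0xAC,0x20, 0xAC,0x20, 0,0 }; /* "€€€€", 3 bytes each in UTF-8 */

int main(void)
{
    const uint8_t *names[] = { NAME_NTFS, NAME_EACUTE, NAME_EURO };
    const char *labels[]   = { "ASCII", "Latin-1", "Euro sign" };
    for (int i = 0; i < 3; i++) {
        size_t units = ucs2le_strnlen(names[i], 512);
        size_t need  = utf8_bytes_needed(names[i], units);
        printf("%-10s units=%zu need=%zu old=%zu(%s) new=%zu(%s)\n", labels[i], units, need,
               old_alloc_size(units), old_alloc_size(units) >= need ? "ok" : "SHORT",
               new_alloc_size(units), new_alloc_size(units) >= need ? "ok" : "SHORT");
    }
    return 0;
}
```

For the four-character names the old formula gives 6 bytes and the new one 10: both fit "NTFS" (5 bytes needed), only the new one fits "éééé" (9 needed), and neither fits "€€€€" (13 needed). The patch therefore fixes the common case but keeps a bound that depends on the code page; measuring the converted length before allocating, as dup_ucs2le_as_utf8() does, is the only variant that cannot be wrong.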