Contents of /cauldron/kernel/current/PATCHES/patches/stable-cifs-change-bleft-in-decode_unicode_ssetup-back-to-signed-type.patch



Revision 97088
Tue May 10 20:22:17 2011 UTC (12 years, 11 months ago) by tmb
File size: 1981 byte(s)
- merge current stable queue:
  cifs: change bleft in decode_unicode_ssetup back to signed type
  cifs: check for bytes_remaining going to zero in CIFS_SessSetup
  cifs: handle errors from coalesce_t2
  cifs: refactor mid finding loop in cifs_demultiplex_thread
  cifs: sanitize length checking in coalesce_t2
  drm/radeon/kms: add pci id to acer travelmate quirk for 5730
  drm/radeon/kms: fix gart setup on fusion parts (v2) backport
  drm/i915/dp: Be paranoid in case we disable a DP before it is attached
  drm/i915/lvds: Only act on lid notify when the device is on
  drm/i915: Release object along create user fb error path
  efi: Validate size of EFI GUID partition entries
  hw_breakpoints, powerpc: Fix CONFIG_HAVE_HW_BREAKPOINT off-case in ptrace_set_debugreg()
  iwlwifi: add {ack, plpc}_check module parameters
  ptrace: Prepare to fix racy accesses on task breakpoints
  thinkpad-acpi: module autoloading for newer Lenovo ThinkPads
  vm: Don't lock guardpage if the stack is growing up
  vm: fix vm_pgoff wrap in upward expansion
  x86, hw_breakpoints: Fix racy access to ptrace breakpoints


1 From bfacf2225a955bea9c41c707fc72ba16009674a0 Mon Sep 17 00:00:00 2001
2 From: Jeff Layton <jlayton@redhat.com>
3 Date: Wed, 27 Apr 2011 13:25:51 -0400
4 Subject: cifs: change bleft in decode_unicode_ssetup back to signed type
5
6 From: Jeff Layton <jlayton@redhat.com>
7
8 commit bfacf2225a955bea9c41c707fc72ba16009674a0 upstream.
9
10 The buffer length checks in this function depend on this value being a
11 signed data type, but 690c522fa converted it to an unsigned type.
12
13 Also, eliminate a problem with the null termination check in the same
14 function. cifs_strndup_from_ucs handles that situation correctly
15 already, and the existing check could potentially lead to a buffer
16 overrun since it increments bleft without checking to see whether it
17 falls off the end of the buffer.
18
19 Reported-and-Acked-by: David Howells <dhowells@redhat.com>
20 Signed-off-by: Jeff Layton <jlayton@redhat.com>
21 Signed-off-by: Steve French <sfrench@us.ibm.com>
22 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
23
24 ---
25 fs/cifs/sess.c | 15 +--------------
26 1 file changed, 1 insertion(+), 14 deletions(-)
27
28 --- a/fs/cifs/sess.c
29 +++ b/fs/cifs/sess.c
30 @@ -277,7 +277,7 @@ static void ascii_ssetup_strings(char **
31 }
32
33 static void
34 -decode_unicode_ssetup(char **pbcc_area, __u16 bleft, struct cifsSesInfo *ses,
35 +decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifsSesInfo *ses,
36 const struct nls_table *nls_cp)
37 {
38 int len;
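Review bot: The signedness requirement on `bleft` in the decode_unicode_ssetup signature is not recorded anywhere in the code, which is how 690c522fa was able to turn it into `__u16` without anyone noticing. Suggest a one-line comment above the function saying that bleft must remain a signed type because, per the commit message, the buffer length checks in the body depend on it. It is also worth confirming in the caller, which is not visible in this hunk, that the value passed in is not itself truncated or wrapped before it reaches this `int` parameter.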
39 @@ -285,19 +285,6 @@ decode_unicode_ssetup(char **pbcc_area,
40
41 cFYI(1, "bleft %d", bleft);
42
43 - /*
44 - * Windows servers do not always double null terminate their final
45 - * Unicode string. Check to see if there are an uneven number of bytes
46 - * left. If so, then add an extra NULL pad byte to the end of the
47 - * response.
48 - *
49 - * See section 2.7.2 in "Implementing CIFS" for details
50 - */
51 - if (bleft % 2) {
52 - data[bleft] = 0;
53 - ++bleft;
54 - }
55 -
56 kfree(ses->serverOS);
57 ses->serverOS = cifs_strndup_from_ucs(data, bleft, true, nls_cp);
58 cFYI(1, "serverOS=%s", ses->serverOS);
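Review bot: With the odd-length block gone ahead of the first `cifs_strndup_from_ucs(data, bleft, true, nls_cp)` call, the code no longer says how a final Unicode string without a double null terminator is handled. The commit message states that cifs_strndup_from_ucs already copes with that case, so a short comment at that call would keep the rationale next to the code instead of only in the log. The removal itself looks right: `data[bleft] = 0;` wrote at offset bleft, one byte past the remaining data, and `++bleft;` then enlarged the length, with no check that the byte lies inside the buffer.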
