CIFS: Fix memory corruption on mount (Closes: #635344)
svn path=/dists/sid/linux-2.6/; revision=18015
This commit is contained in:
parent
c5c7e2149e
commit
c0dedf4876
|
@ -11,6 +11,7 @@ linux-2.6 (3.0.0-3) UNRELEASED; urgency=low
|
||||||
SNAT/masquerading is not done)
|
SNAT/masquerading is not done)
|
||||||
* Remove net device features from bug reports (Closes: #638956)
|
* Remove net device features from bug reports (Closes: #638956)
|
||||||
* [mips,mipsel] Ignore nfs ABI changes made in 3.0.0-2; fixes FTBFS
|
* [mips,mipsel] Ignore nfs ABI changes made in 3.0.0-2; fixes FTBFS
|
||||||
|
* CIFS: Fix memory corruption on mount (Closes: #635344)
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Sun, 21 Aug 2011 16:18:29 +0100
|
-- Ben Hutchings <ben@decadent.org.uk> Sun, 21 Aug 2011 16:18:29 +0100
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
From: Steve French <sfrench@us.ibm.com>
|
||||||
|
Date: Thu, 18 Aug 2011 04:41:55 +0000
|
||||||
|
Subject: [CIFS] possible memory corruption on mount
|
||||||
|
|
||||||
|
From: Steve French <sfrench@us.ibm.com>
|
||||||
|
|
||||||
|
commit 13589c437daf4c8e429b3236c0b923de1c9420d8 upstream.
|
||||||
|
|
||||||
|
CIFS cleanup_volume_info_contents() looks like having a memory
|
||||||
|
corruption problem.
|
||||||
|
When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it
|
||||||
|
should not be kfree()-ed in cleanup_volume_info_contents().
|
||||||
|
|
||||||
|
Introduced in commit b946845a9dc523c759cae2b6a0f6827486c3221a
|
||||||
|
|
||||||
|
Signed-off-by: J.R. Okajima <hooanon05@yahoo.co.jp>
|
||||||
|
Reviewed-by: Jeff Layton <jlayton@redhat.com>
|
||||||
|
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
||||||
|
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
||||||
|
|
||||||
|
---
|
||||||
|
fs/cifs/connect.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
--- a/fs/cifs/connect.c
|
||||||
|
+++ b/fs/cifs/connect.c
|
||||||
|
@@ -2838,7 +2838,8 @@ cleanup_volume_info_contents(struct smb_
|
||||||
|
kfree(volume_info->username);
|
||||||
|
kzfree(volume_info->password);
|
||||||
|
kfree(volume_info->UNC);
|
||||||
|
- kfree(volume_info->UNCip);
|
||||||
|
+ if (volume_info->UNCip != volume_info->UNC + 2)
|
||||||
|
+ kfree(volume_info->UNCip);
|
||||||
|
kfree(volume_info->domainname);
|
||||||
|
kfree(volume_info->iocharset);
|
||||||
|
kfree(volume_info->prepath);
|
|
@ -1,3 +1,4 @@
|
||||||
- bugfix/all/perf-do-not-look-at-.-config-for-configuration.patch
|
- bugfix/all/perf-do-not-look-at-.-config-for-configuration.patch
|
||||||
+ bugfix/all/stable/3.0.3.patch
|
+ bugfix/all/stable/3.0.3.patch
|
||||||
+ bugfix/all/netfilter-TCP-and-raw-fix-for-ip_route_me_harder.patch
|
+ bugfix/all/netfilter-TCP-and-raw-fix-for-ip_route_me_harder.patch
|
||||||
|
+ bugfix/all/cifs-possible-memory-corruption-on-mount.patch
|
||||||
|
|
Loading…
Reference in New Issue