[PATCH 3.2 078/147] cifs: check MaxPathNameComponentLength != 0 before using it

From: Ben Hutchings
Date: Mon Nov 06 2017 - 18:34:54 EST

Next message: Ben Hutchings: "[PATCH 3.2 081/147] ALSA: seq: Fix use-after-free at creating a port"
Previous message: Ben Hutchings: "[PATCH 3.2 083/147] packet: race condition in packet_bind"
In reply to: Ben Hutchings: "[PATCH 3.2 083/147] packet: race condition in packet_bind"
Next in thread: Ben Hutchings: "[PATCH 3.2 081/147] ALSA: seq: Fix use-after-free at creating a port"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.2.95-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>

commit f74bc7c6679200a4a83156bb89cbf6c229fe8ec0 upstream.

And fix tcon leak in error path.

Signed-off-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>
Signed-off-by: Steve French <smfrench@xxxxxxxxx>
Reviewed-by: David Disseldorp <ddiss@xxxxxxxxx>
[bwh: Backported to 3.2: cifs_tcon pointer is tcon, and there's no leak to fix]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -521,7 +521,8 @@ cifs_lookup(struct inode *parent_dir_ino
oplock = pTcon->ses->server->oplocks ? REQ_OPLOCK : 0;

/* Don't allow path components longer than the server max. */
- if (unlikely(direntry->d_name.len >
+ if (unlikely(pTcon->fsAttrInfo.MaxPathNameComponentLength &&
+ direntry->d_name.len >
le32_to_cpu(pTcon->fsAttrInfo.MaxPathNameComponentLength))) {
rc = -ENAMETOOLONG;
goto lookup_out;

Next message: Ben Hutchings: "[PATCH 3.2 081/147] ALSA: seq: Fix use-after-free at creating a port"
Previous message: Ben Hutchings: "[PATCH 3.2 083/147] packet: race condition in packet_bind"
In reply to: Ben Hutchings: "[PATCH 3.2 083/147] packet: race condition in packet_bind"
Next in thread: Ben Hutchings: "[PATCH 3.2 081/147] ALSA: seq: Fix use-after-free at creating a port"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]