[linux-cifs-client,2/2] cifs: Increase size of tmp_buf in cifs_readdir to avoid potential overflows
diff mbox

Message ID 49EC7794.50603@suse.de
State New, archived
Headers show

Commit Message

Suresh Jayaraman April 20, 2009, 1:24 p.m. UTC
Increase size of tmp_buf to possible maximum to avoid potential
overflows.


Pointed-out-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
---
 fs/cifs/readdir.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

Jeff Layton April 20, 2009, 3:30 p.m. UTC | #1
On Mon, 20 Apr 2009 18:54:36 +0530
Suresh Jayaraman <sjayaraman@suse.de> wrote:

> Increase size of tmp_buf to possible maximum to avoid potential
> overflows.
> 
> 
> Pointed-out-by: Jeff Layton <jlayton@redhat.com>
> Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
> ---
>  fs/cifs/readdir.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
> index 1a8be62..ebd0da7 100644
> --- a/fs/cifs/readdir.c
> +++ b/fs/cifs/readdir.c
> @@ -1074,7 +1074,7 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir)
>  		with the rare long characters alloc more to account for
>  		such multibyte target UTF-8 characters. cifs_unicode.c,
>  		which actually does the conversion, has the same limit */
> -		tmp_buf = kmalloc((2 * NAME_MAX) + 4, GFP_KERNEL);
> +		tmp_buf = kmalloc((4 * NAME_MAX) + 2, GFP_KERNEL);
>  		for (i = 0; (i < num_to_fill) && (rc == 0); i++) {
>  			if (current_entry == NULL) {
>  				/* evaluate whether this case is an error */

Acked-by: Jeff Layton <jlayton@redhat.com>
Steve French April 20, 2009, 7:58 p.m. UTC | #2
Merged this and also patch 1 of 2

thx

On Mon, Apr 20, 2009 at 10:30 AM, Jeff Layton <jlayton@redhat.com> wrote:
> On Mon, 20 Apr 2009 18:54:36 +0530
> Suresh Jayaraman <sjayaraman@suse.de> wrote:
>
>> Increase size of tmp_buf to possible maximum to avoid potential
>> overflows.
>>
>>
>> Pointed-out-by: Jeff Layton <jlayton@redhat.com>
>> Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
>> ---
>>  fs/cifs/readdir.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
>> index 1a8be62..ebd0da7 100644
>> --- a/fs/cifs/readdir.c
>> +++ b/fs/cifs/readdir.c
>> @@ -1074,7 +1074,7 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir)
>>               with the rare long characters alloc more to account for
>>               such multibyte target UTF-8 characters. cifs_unicode.c,
>>               which actually does the conversion, has the same limit */
>> -             tmp_buf = kmalloc((2 * NAME_MAX) + 4, GFP_KERNEL);
>> +             tmp_buf = kmalloc((4 * NAME_MAX) + 2, GFP_KERNEL);
>>               for (i = 0; (i < num_to_fill) && (rc == 0); i++) {
>>                       if (current_entry == NULL) {
>>                               /* evaluate whether this case is an error */
>
> Acked-by: Jeff Layton <jlayton@redhat.com>
>

Patch
diff mbox

diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
index 1a8be62..ebd0da7 100644
--- a/fs/cifs/readdir.c
+++ b/fs/cifs/readdir.c
@@ -1074,7 +1074,7 @@  int cifs_readdir(struct file *file, void *direntry, filldir_t filldir)
 		with the rare long characters alloc more to account for
 		such multibyte target UTF-8 characters. cifs_unicode.c,
 		which actually does the conversion, has the same limit */
-		tmp_buf = kmalloc((2 * NAME_MAX) + 4, GFP_KERNEL);
+		tmp_buf = kmalloc((4 * NAME_MAX) + 2, GFP_KERNEL);
 		for (i = 0; (i < num_to_fill) && (rc == 0); i++) {
 			if (current_entry == NULL) {
 				/* evaluate whether this case is an error */