From patchwork Mon Apr 20 13:24:36 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Suresh Jayaraman X-Patchwork-Id: 19014 Received: from lists.samba.org (mail.samba.org [66.70.73.150]) by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n3KDP1WS023606 for ; Mon, 20 Apr 2009 13:25:01 GMT Received: from dp.samba.org (localhost [127.0.0.1]) by lists.samba.org (Postfix) with ESMTP id BF010163C52 for ; Mon, 20 Apr 2009 13:24:39 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on dp.samba.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=3.8 tests=AWL, BAYES_00 autolearn=ham version=3.1.7 X-Original-To: linux-cifs-client@lists.samba.org Delivered-To: linux-cifs-client@lists.samba.org Received: from victor.provo.novell.com (victor.provo.novell.com [137.65.250.26]) by lists.samba.org (Postfix) with ESMTP id 5A01F163B73 for ; Mon, 20 Apr 2009 13:24:24 +0000 (GMT) Received: from [164.99.138.63] (prv-ext-foundry1.gns.novell.com [137.65.251.240]) by victor.provo.novell.com with ESMTP; Mon, 20 Apr 2009 07:24:43 -0600 Message-ID: <49EC7794.50603@suse.de> Date: Mon, 20 Apr 2009 18:54:36 +0530 From: Suresh Jayaraman User-Agent: Thunderbird 2.0.0.19 (X11/20081227) MIME-Version: 1.0 To: Steve French X-Enigmail-Version: 0.95.7 Cc: "linux-cifs-client@lists.samba.org" , Jeff Layton Subject: [linux-cifs-client] [PATCH 2/2] cifs: Increase size of tmp_buf in cifs_readdir to avoid potential overflows X-BeenThere: linux-cifs-client@lists.samba.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: The Linux CIFS VFS client List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org Errors-To: linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org Increase size of tmp_buf to possible maximum to avoid potential overflows. Pointed-out-by: Jeff Layton Signed-off-by: Suresh Jayaraman Acked-by: Jeff Layton --- fs/cifs/readdir.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c index 1a8be62..ebd0da7 100644 --- a/fs/cifs/readdir.c +++ b/fs/cifs/readdir.c @@ -1074,7 +1074,7 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir) with the rare long characters alloc more to account for such multibyte target UTF-8 characters. cifs_unicode.c, which actually does the conversion, has the same limit */ - tmp_buf = kmalloc((2 * NAME_MAX) + 4, GFP_KERNEL); + tmp_buf = kmalloc((4 * NAME_MAX) + 2, GFP_KERNEL); for (i = 0; (i < num_to_fill) && (rc == 0); i++) { if (current_entry == NULL) { /* evaluate whether this case is an error */