From patchwork Wed May 6 11:33:11 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Suresh Jayaraman X-Patchwork-Id: 22005 Received: from lists.samba.org (mail.samba.org [66.70.73.150]) by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n46BXv55024713 for ; Wed, 6 May 2009 11:33:57 GMT Received: from dp.samba.org (localhost [127.0.0.1]) by lists.samba.org (Postfix) with ESMTP id 8B469163E04 for ; Wed, 6 May 2009 11:33:32 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on dp.samba.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=3.8 tests=AWL, BAYES_00 autolearn=ham version=3.1.7 X-Original-To: linux-cifs-client@lists.samba.org Delivered-To: linux-cifs-client@lists.samba.org Received: from victor.provo.novell.com (victor.provo.novell.com [137.65.250.26]) by lists.samba.org (Postfix) with ESMTP id 9DFD7163C13 for ; Wed, 6 May 2009 11:32:56 +0000 (GMT) Received: from [164.99.138.63] (prv-ext-foundry1.gns.novell.com [137.65.251.240]) by victor.provo.novell.com with ESMTP; Wed, 06 May 2009 05:33:19 -0600 Message-ID: <4A017577.60803@suse.de> Date: Wed, 06 May 2009 17:03:11 +0530 From: Suresh Jayaraman User-Agent: Thunderbird 2.0.0.19 (X11/20081227) MIME-Version: 1.0 To: Steve French X-Enigmail-Version: 0.95.7 Cc: "linux-cifs-client@lists.samba.org" , Jeff Layton Subject: [linux-cifs-client] [PATCH 2/5] cifs: Increase size of tmp_buf in cifs_readdir to avoid potential overflows X-BeenThere: linux-cifs-client@lists.samba.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: The Linux CIFS VFS client List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org Errors-To: linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org Author: Suresh Jayaraman Date: Mon Apr 20 18:54:36 2009 +0530 cifs: Increase size of tmp_buf in cifs_readdir to avoid potential overflows Increase size of tmp_buf to possible maximum to avoid potential overflows. Also moved UNICODE_NAME_MAX definition so that it can be used elsewhere. Pointed-out-by: Jeff Layton Signed-off-by: Suresh Jayaraman Acked-by: Jeff Layton Signed-off-by: Steve French --- fs/cifs/cifs_unicode.h | 7 +++++++ fs/cifs/readdir.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) Index: linux-2.6.29.2/fs/cifs/readdir.c =================================================================== --- linux-2.6.29.2.orig/fs/cifs/readdir.c +++ linux-2.6.29.2/fs/cifs/readdir.c @@ -1072,7 +1072,7 @@ int cifs_readdir(struct file *file, void with the rare long characters alloc more to account for such multibyte target UTF-8 characters. cifs_unicode.c, which actually does the conversion, has the same limit */ - tmp_buf = kmalloc((2 * NAME_MAX) + 4, GFP_KERNEL); + tmp_buf = kmalloc(UNICODE_NAME_MAX, GFP_KERNEL); for (i = 0; (i < num_to_fill) && (rc == 0); i++) { if (current_entry == NULL) { /* evaluate whether this case is an error */ Index: linux-2.6.29.2/fs/cifs/cifs_unicode.h =================================================================== --- linux-2.6.29.2.orig/fs/cifs/cifs_unicode.h +++ linux-2.6.29.2/fs/cifs/cifs_unicode.h @@ -64,6 +64,13 @@ int cifs_strtoUCS(__le16 *, const char * #endif /* + * To be safe - for UCS to UTF-8 with strings loaded with the rare long + * characters alloc more to account for such multibyte target UTF-8 + * characters. + */ +#define UNICODE_NAME_MAX ((4 * NAME_MAX) + 2) + +/* * UniStrcat: Concatenate the second string to the first * * Returns: