Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-16 02:14:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-stable/fs
History
Jeff Layton 9438fabb73 cifs: fix possible memory corruption in CIFSFindNext 
The name_len variable in CIFSFindNext is a signed int that gets set to
the resume_name_len in the cifs_search_info. The resume_name_len however
is unsigned and for some infolevels is populated directly from a 32 bit
value sent by the server.

If the server sends a very large value for this, then that value could
look negative when converted to a signed int. That would make that
value pass the PATH_MAX check later in CIFSFindNext. The name_len would
then be used as a length value for a memcpy. It would then be treated
as unsigned again, and the memcpy scribbles over a ton of memory.

Fix this by making the name_len an unsigned value in CIFSFindNext.

Cc: <stable@kernel.org>
Reported-by: Darren Lavender <dcl@hppine99.gbr.hp.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2011-09-19 21:14:40 -05:00
..
9p
fs/9p: Use protocol-defined value for lock/getlock 'type' field.
2011-09-06 08:17:16 -05:00
adfs
Fix common misspellings
2011-03-31 11:26:23 -03:00
affs
fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
2011-07-20 20:47:59 -04:00
afs
AFS: Fix silly characters in a comment
2011-07-20 20:48:03 -04:00
autofs4
autofs4: fix debug printk warning uncovered by cleanup
2011-08-08 12:02:43 -07:00
befs
befs: Validate length of long symbolic links.
2011-08-17 13:31:24 -07:00
bfs
bfs: remove unnecessary dentry_unhash on dir rename
2011-05-28 01:02:50 -04:00
btrfs
Btrfs: only clear the need lookup flag after the dentry is setup
2011-09-18 10:34:03 -04:00
cachefiles
kill useless checks for sb->s_op == NULL
2011-07-20 01:44:21 -04:00
ceph
Merge branch 'for-linus' of git://ceph.newdream.net/git/ceph-client
2011-09-09 15:48:34 -07:00
cifs
cifs: fix possible memory corruption in CIFSFindNext
2011-09-19 21:14:40 -05:00
coda
fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
2011-07-20 20:47:59 -04:00
configfs
configfs: remove unnecessary dentry_unhash on rmdir, dir rename
2011-05-28 01:02:54 -04:00
cramfs
cramfs: get_cramfs_inode() returns ERR_PTR() on failure
2011-07-17 23:22:02 -04:00
debugfs
debugfs: move to new strtobool
2011-05-19 16:55:28 +09:30
devpts
fs/devpts/inode.c: correctly check d_alloc_name() return code in devpts_pty_new()
2011-03-22 17:44:17 -07:00
dlm
Merge branch 'for-3.1' of git://linux-nfs.org/~bfields/linux
2011-07-25 22:49:19 -07:00
ecryptfs
Ecryptfs: Add mount option to check uid of device being mounted = expect uid
2011-08-09 23:29:01 -05:00
efs
make d_splice_alias(ERR_PTR(err), dentry) = ERR_PTR(err)
2011-07-20 01:44:26 -04:00
exofs
Merge branch 'for-linus' of git://git.open-osd.org/linux-open-osd
2011-08-06 22:56:03 -07:00
exportfs
vfs: Add open by file handle support
2011-03-15 02:21:44 -04:00
ext2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-08-01 13:48:31 -10:00
ext3
ext3: Properly count journal credits for long symlinks
2011-08-11 17:23:40 -07:00
ext4
ext4: remove i_mutex lock in ext4_evict_inode to fix lockdep complaining
2011-08-31 11:50:51 -04:00
fat
Merge git://git.kernel.org/pub/scm/linux/kernel/git/hirofumi/fatfs-2.6
2011-08-18 14:16:13 -07:00
freevxfs
treewide: fix a few typos in comments
2011-05-10 10:16:21 +02:00
fscache
FS-Cache: Fix __fscache_uncache_all_inode_pages()'s outer loop
2011-07-21 10:59:16 -07:00
fuse
fuse: fix memory leak
2011-09-12 11:47:10 -07:00
gfs2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-08-01 13:48:31 -10:00
hfs
fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
2011-07-20 20:47:59 -04:00
hfsplus
hfsplus: fix filesystem size checks
2011-09-15 09:03:17 -07:00
hostfs
fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
2011-07-20 20:47:59 -04:00
hpfs
fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
2011-07-20 20:47:59 -04:00
hppfs
hppfs: missing include
2011-07-27 22:21:58 -04:00
hugetlbfs
lockdep: Add helper function for dir vs file i_mutex annotation
2011-08-25 10:50:18 -07:00
isofs
isofs: Remove global fs lock
2011-07-22 19:42:12 -04:00
jbd
jbd: Use WRITE_SYNC in journal checkpoint.
2011-06-28 00:06:41 +02:00
jbd2
jbd2: remove jbd2_dev_to_name() from jbd2 tracepoints
2011-07-10 22:05:08 -04:00
jffs2
switch posix_acl_equiv_mode() to umode_t *
2011-08-01 02:10:06 -04:00
jfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6
2011-08-15 08:40:24 -07:00
lockd
Merge branch 'nfs-for-3.1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
2011-07-27 13:23:02 -07:00
logfs
fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
2011-07-20 20:47:59 -04:00
minix
minix_getattr(): don't bother with ->d_parent
2011-07-20 20:47:53 -04:00
ncpfs
fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
2011-07-20 20:47:59 -04:00
nfs
nfs: Do not allow multiple mounts on same mountpoint when using -o noac
2011-09-13 17:10:15 -04:00
nfs_common
Fix common misspellings
2011-03-31 11:26:23 -03:00
nfsd
Merge branch 'for-3.1' of git://linux-nfs.org/~bfields/linux
2011-07-25 22:49:19 -07:00
nilfs2
fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
2011-07-20 20:47:59 -04:00
nls
notify
atomic: use <linux/atomic.h>
2011-07-26 16:49:47 -07:00
ntfs
atomic: use <linux/atomic.h>
2011-07-26 16:49:47 -07:00
ocfs2
switch posix_acl_equiv_mode() to umode_t *
2011-08-01 02:10:06 -04:00
omfs
omfs: fix (mode & S_IFDIR) abuse
2011-07-26 13:05:28 -04:00
openpromfs
partitions
Merge branch 'for-linus' into for-3.1/core
2011-07-01 16:17:13 +02:00
proc
vfs: show O_CLOEXE bit properly in /proc/<pid>/fdinfo/<fd> files
2011-08-06 11:51:33 -07:00
pstore
pstore: Allow the user to explicitly choose a backend
2011-07-22 16:14:39 -07:00
qnx4
block: remove per-queue plugging
2011-03-10 08:52:07 +01:00
quota
vmscan: change shrinker API by passing shrink_control struct
2011-05-25 08:39:26 -07:00
ramfs
ramfs: fix memleak on no-mmu arch
2011-04-14 16:06:56 -07:00
reiserfs
switch posix_acl_equiv_mode() to umode_t *
2011-08-01 02:10:06 -04:00
romfs
romfs: fix romfs_get_unmapped_area() argument check
2011-06-27 18:00:12 -07:00
squashfs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pkl/squashfs-linus
2011-07-25 22:50:35 -07:00
sysfs
->permission() sanitizing: don't pass flags to ->permission()
2011-07-20 01:43:24 -04:00
sysv
sysv: remove unnecessary dentry_unhash from rmdir, dir rename
2011-05-28 01:02:50 -04:00
ubifs
UBIFS: not build debug messages with CONFIG_UBIFS_FS_DEBUG disabled
2011-08-19 18:58:58 +03:00
udf
switch udf_ioctl() to inode_permission()
2011-07-20 01:43:07 -04:00
ufs
make d_splice_alias(ERR_PTR(err), dentry) = ERR_PTR(err)
2011-07-20 01:44:26 -04:00
xfs
xfs: fix a use after free in xfs_end_io_direct_write
2011-09-14 08:56:35 -05:00
aio.c
Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block
2011-03-24 10:16:26 -07:00
anon_inodes.c
vfs: dont chain pipe/anon/socket on superblock s_inodes list
2011-07-26 12:57:09 -04:00
attr.c
fs: move inode_dio_wait calls into ->setattr
2011-07-20 20:47:47 -04:00
bad_inode.c
fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
2011-07-20 20:47:59 -04:00
binfmt_aout.c
binfmt_elf_fdpic.c
consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling
2011-07-20 01:43:10 -04:00
binfmt_elf.c
consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling
2011-07-20 01:43:10 -04:00
binfmt_em86.c
binfmt_flat.c
CRED: Fix load_flat_shared_library() to initialise bprm correctly
2011-05-03 10:10:51 +10:00
binfmt_misc.c
consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling
2011-07-20 01:43:10 -04:00
binfmt_script.c
binfmt_som.c
bio-integrity.c
block: Require subsystems to explicitly allocate bio_set integrity mempool
2011-03-17 11:11:05 +01:00
bio.c
block: improve the bio_add_page() and bio_add_pc_page() descriptions
2011-05-28 14:44:46 +02:00
block_dev.c
Avoid dereferencing a 'request_queue' after last close.
2011-09-10 17:20:21 +10:00
buffer.c
vfs: Fix data corruption after failed write in __block_write_begin()
2011-06-16 11:44:46 -04:00
char_dev.c
Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block
2011-01-13 10:45:01 -08:00
compat_binfmt_elf.c
compat_ioctl.c
compat_ioctl: add compat handler for PPPIOCGL2TPSTATS
2011-08-07 22:24:41 -07:00
compat.c
All Arch: remove linkage for sys_nfsservctl system call
2011-08-26 15:09:58 -07:00
dcache.c
vfs: renumber DCACHE_xyz flags, remove some stale ones
2011-08-06 22:52:40 -07:00
dcookies.c
oprofile, dcookies: Fix possible circular locking dependency
2011-05-31 16:33:35 +02:00
direct-io.c
atomic: use <linux/atomic.h>
2011-07-26 16:49:47 -07:00
drop_caches.c
vmscan: change shrinker API by passing shrink_control struct
2011-05-25 08:39:26 -07:00
eventfd.c
Docbook: add fs/eventfd.c and fix typos in it
2011-02-21 15:07:04 -08:00
eventpoll.c
atomic: use <linux/atomic.h>
2011-07-26 16:49:47 -07:00
exec.c
move RLIMIT_NPROC check from set_user() to do_execve_common()
2011-08-11 11:24:42 -07:00
fcntl.c
userns: rename is_owner_or_cap to inode_owner_or_capable
2011-03-23 19:47:13 -07:00
fhandle.c
fs/fhandle.c: add <linux/personality.h> for ia64
2011-04-14 16:06:56 -07:00
fifo.c
Filesystem: fifo: Fixed coding style issue.
2011-03-21 00:16:09 -04:00
file_table.c
atomic: use <linux/atomic.h>
2011-07-26 16:49:47 -07:00
file.c
vfs: avoid large kmalloc()s for the fdtable
2011-04-28 11:28:20 -07:00
filesystems.c
fs: synchronize_rcu when unregister_filesystem success not failure
2011-04-17 10:42:01 -07:00
fs_struct.c
sanitize vfsmount refcounting changes
2011-01-16 13:47:07 -05:00
fs-writeback.c
don't busy retry the inode on failed grab_super_passive()
2011-07-31 22:52:08 +08:00
generic_acl.c
switch posix_acl_equiv_mode() to umode_t *
2011-08-01 02:10:06 -04:00
inode.c
lockdep: Add helper function for dir vs file i_mutex annotation
2011-08-25 10:50:18 -07:00
internal.h
superblock: move pin_sb_for_writeback() to fs/super.c
2011-07-20 01:44:38 -04:00
ioctl.c
vfs: cleanup do_vfs_ioctl()
2011-03-21 00:16:08 -04:00
ioprio.c
Kconfig
tmpfs: expand "help" to explain value of TMPFS_POSIX_ACL
2011-08-03 14:25:25 -10:00
Kconfig.binfmt
libfs.c
fix IN_DELETE_SELF on overwriting rename() on ramfs et.al.
2011-07-22 19:42:11 -04:00
locks.c
locks: rename lock-manager ops
2011-07-20 20:23:19 -04:00
Makefile
nfsd: Remove deprecated nfsctl system call and related code.
2011-07-15 18:58:42 -04:00
mbcache.c
vmscan: change shrinker API by passing shrink_control struct
2011-05-25 08:39:26 -07:00
mpage.c
mm/fs: add hooks to support cleancache
2011-05-26 10:01:43 -06:00
namei.c
restore pinning the victim dentry in vfs_rmdir()/vfs_rename_dir()
2011-09-14 11:31:55 -07:00
namespace.c
VFS : mount lock scalability for internal mounts
2011-07-24 10:08:32 -04:00
no-block.c
open.c
merge fchmod() and fchmodat() guts, kill ancient broken kludge
2011-07-26 15:07:43 -04:00
pipe.c
vfs: dont chain pipe/anon/socket on superblock s_inodes list
2011-07-26 12:57:09 -04:00
pnode.c
pnode.h
posix_acl.c
switch posix_acl_chmod() to umode_t
2011-08-01 02:10:32 -04:00
read_write.c
fs: add missing unlock in default_llseek()
2011-07-26 12:57:09 -04:00
read_write.h
readdir.c
select.c
select: remove unused MAX_SELECT_SECONDS
2011-03-21 00:16:08 -04:00
seq_file.c
signalfd.c
splice.c
tmpfs: clone shmem_file_splice_read()
2011-07-25 20:57:11 -07:00
stack.c
mm: a few small updates for radix-swap
2011-08-03 14:25:24 -10:00
stat.c
vfs: optimize inode cache access patterns
2011-08-06 22:53:23 -07:00
statfs.c
clean statfs-like syscalls up
2011-03-14 09:15:28 -04:00
super.c
Merge branch 'for-3.1/core' of git://git.kernel.dk/linux-block
2011-07-25 10:33:36 -07:00
sync.c
fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
2011-07-20 20:47:59 -04:00
timerfd.c
timerfd: Fix wakeup of processes when timer is cancelled on clock change
2011-06-14 11:46:14 +02:00
utimes.c
userns: rename is_owner_or_cap to inode_owner_or_capable
2011-03-23 19:47:13 -07:00
xattr_acl.c
xattr.c
Cache xattr security drop check for write v2
2011-05-28 12:02:09 -04:00