[CIFS] Fix buffer overflow if server sends corrupt response to small - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Steve French <[email protected]>	2007-11-13 22:41:37 +0000
committer	Steve French <[email protected]>	2007-11-13 22:41:37 +0000
commit	133672efbc1085f9af990bdc145e1822ea93bcf3 (patch)
tree	b93b5ba3a9559d137fe7fb86f6d1a3d33189ce0b /lib/debugobjects.c
parent	9418d5dc9ba40b88737580457bf3b7c63c60ec43 (diff)

[CIFS] Fix buffer overflow if server sends corrupt response to small

request In SendReceive() function in transport.c - it memcpy's message payload into a buffer passed via out_buf param. The function assumes that all buffers are of size (CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) , unfortunately it is also called with smaller (MAX_CIFS_SMALL_BUFFER_SIZE) buffers. There are eight callers (SMB worker functions) which are primarily affected by this change: TreeDisconnect, uLogoff, Close, findClose, SetFileSize, SetFileTimes, Lock and PosixLock CC: Dave Kleikamp <[email protected]> CC: Przemyslaw Wegrzyn <[email protected]> Acked-by: Jeff Layton <[email protected]> Signed-off-by: Steve French <[email protected]>

Diffstat (limited to 'lib/debugobjects.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: