Commit 64b7f67

Vladimir Zapolskiy authored and torvalds committed
cifs: Fix incomplete memory allocation on setxattr path

On setxattr() syscall path due to an apparent typo the size of a dynamically
allocated memory chunk for storing struct smb2_file_full_ea_info object is
computed incorrectly, to be more precise the first addend is the size of
a pointer instead of the wanted object size. Coincidentally it makes no
difference on 64-bit platforms, however on 32-bit targets the following
memcpy() writes 4 bytes of data outside of the dynamically allocated memory.

  =============================================================================
  BUG kmalloc-16 (Not tainted): Redzone overwritten
  -----------------------------------------------------------------------------

  Disabling lock debugging due to kernel taint
  INFO: 0x79e69a6f-0x9e5cdecf@offset=368. First byte 0x73 instead of 0xcc
  INFO: Slab 0xd36d2454 objects=85 used=51 fp=0xf7d0fc7a flags=0x35000201
  INFO: Object 0x6f171df3@offset=352 fp=0x00000000

  Redzone 5d4ff02d: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
  Object 6f171df3: 00 00 00 00 00 05 06 00 73 6e 72 75 62 00 66 69  ........snrub.fi
  Redzone 79e69a6f: 73 68 32 0a                                      sh2.
  Padding 56254d82: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ
  CPU: 0 PID: 8196 Comm: attr Tainted: G B 5.9.0-rc8+ #3
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1 04/01/2014
  Call Trace:
   dump_stack+0x54/0x6e
   print_trailer+0x12c/0x134
   check_bytes_and_report.cold+0x3e/0x69
   check_object+0x18c/0x250
   free_debug_processing+0xfe/0x230
   __slab_free+0x1c0/0x300
   kfree+0x1d3/0x220
   smb2_set_ea+0x27d/0x540
   cifs_xattr_set+0x57f/0x620
   __vfs_setxattr+0x4e/0x60
   __vfs_setxattr_noperm+0x4e/0x100
   __vfs_setxattr_locked+0xae/0xd0
   vfs_setxattr+0x4e/0xe0
   setxattr+0x12c/0x1a0
   path_setxattr+0xa4/0xc0
   __ia32_sys_lsetxattr+0x1d/0x20
   __do_fast_syscall_32+0x40/0x70
   do_fast_syscall_32+0x29/0x60
   do_SYSENTER_32+0x15/0x20
   entry_SYSENTER_32+0x9f/0xf2

Fixes: 5517554 ("cifs: Add support for writing attributes on SMB2+")
Signed-off-by: Vladimir Zapolskiy <vladimir@tuxera.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 parent 033b5d7 commit 64b7f67
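
The size arithmetic described in the commit message, as an added user-space example (not code from the commit or the kernel tree). The `struct ea_info` layout is an assumption modelled on the eight header bytes in the Object dump, and the `ptr_size` parameter is a hypothetical stand-in for `sizeof(ea)` so the 32-bit case can be reproduced on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout: 8 header bytes, as in the Object dump in the commit message. */
struct ea_info {
    uint32_t next_entry_offset;
    uint8_t  flags;
    uint8_t  ea_name_length;
    uint16_t ea_value_length;
    char     ea_data[];   /* name, NUL terminator, value */
};

/* Length before the fix: the first addend is the size of a pointer. */
size_t ea_len_buggy(size_t ptr_size, size_t name_len, size_t value_len)
{
    return ptr_size + name_len + value_len + 1;
}

/* Length after the fix: the first addend is the size of the object. */
size_t ea_len_fixed(size_t name_len, size_t value_len)
{
    return sizeof(struct ea_info) + name_len + value_len + 1;
}

/* Build the EA in a correctly sized buffer, then copy out the bytes that lie
 * past the end of what the buggy length would have allocated. Returns their count. */
size_t ea_spill(size_t ptr_size, const char *name, const void *value,
                size_t value_len, unsigned char *spill)
{
    size_t name_len = strlen(name);
    size_t need = ea_len_fixed(name_len, value_len);
    size_t got = ea_len_buggy(ptr_size, name_len, value_len);
    size_t over = need > got ? need - got : 0;
    struct ea_info *ea = calloc(1, need);
    if (ea == NULL)
        return (size_t)-1;
    ea->ea_name_length = (uint8_t)name_len;
    ea->ea_value_length = (uint16_t)value_len;
    memcpy(ea->ea_data, name, name_len + 1);              /* name plus NUL */
    memcpy(ea->ea_data + name_len + 1, value, value_len); /* value follows */
    memcpy(spill, (unsigned char *)ea + got, over);
    free(ea);
    return over;
}

int main(void)
{
    unsigned char spill[8];
    size_t n = ea_spill(4, "snrub", "fish2\n", 6, spill);
    printf("32-bit: %zu bytes past the allocation: %.*s", n, (int)n, (char *)spill);
    printf("64-bit: %zu bytes past the allocation\n", ea_spill(8, "snrub", "fish2\n", 6, spill));
    return 0;
}
```

With a 4-byte pointer the buggy length is 16, which is why the report names the kmalloc-16 cache, and the four spilled bytes are the `73 68 32 0a` found in the overwritten redzone.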

1 file changed: +1 -1 lines changed
‎fs/cifs/smb2ops.c‎

Lines changed: 1 addition & 1 deletion
@@ -1208,7 +1208,7 @@ smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
12081208
rqst[1].rq_iov=si_iov;
12091209
rqst[1].rq_nvec=1;
12101210

1211-
len=sizeof(ea)+ea_name_len+ea_value_len+1;
1211+
len=sizeof(*ea)+ea_name_len+ea_value_len+1;
12121212
ea=kzalloc(len,GFP_KERNEL);
12131213
if (ea==NULL) {
12141214
rc=-ENOMEM;
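
Review bot: In the changed line `len=sizeof(*ea)+ea_name_len+ea_value_len+1;` the trailing `+1` is undocumented, and the visible context shows no bound on `ea_name_len` and `ea_value_len` before their sum reaches `kzalloc(len,GFP_KERNEL)`. A one-line comment saying the extra byte covers the NUL stored after the EA name (the 00 that follows "snrub" in the object dump) would make the next size-arithmetic slip easier to catch, and if the two lengths are not already limited earlier in smb2_set_ea(), an explicit check belongs just above this line. `sizeof(*ea)` is the right form here because it keeps tracking the pointee type if the declaration of `ea` ever changes.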
