[8.09] [CVE-2009-1439] fix Linux kernel buffer overflow in CIFS
[openwrt/svn-archive/archive.git] / target / linux / generic-2.6 / patches-2.6.24 / 994-cve-2009-1439.patch
1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439
2
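--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3421,16 +3421,13 @@ CIFSTCon(unsigned int xid, struct cifsSe
 BCC(smb_buffer_response)) {
 kfree(tcon->nativeFileSystem);
 tcon->nativeFileSystem =
- kzalloc(length + 2, GFP_KERNEL);
+ kzalloc((4 * length) + 2, GFP_KERNEL);
 if (tcon->nativeFileSystem)
 cifs_strfromUCS_le(
 tcon->nativeFileSystem,
 (__le16 *) bcc_ptr,
 length, nls_codepage);
- bcc_ptr += 2 * length;
- bcc_ptr[0] = 0; /* null terminate the string */
- bcc_ptr[1] = 0;
- bcc_ptr += 2;
+ bcc_ptr += (2 * length) + 2;
 }
 /* else do not bother copying these information fields*/
 } else {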
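Review bot: The new allocation size `(4 * length) + 2` is an unexplained constant and should carry a comment stating what `length` counts and why four bytes per unit is taken as the ceiling, because `cifs_strfromUCS_le` is not passed the destination size and nothing in the hunk bounds the conversion's output. The advance `bcc_ptr += (2 * length) + 2` shows `length` is a count of 16-bit units from the server reply, so the buffer must hold each unit's widest possible codepage encoding plus the terminator; if the nls layer can widen a character beyond four bytes the buffer would still be short, so tying the multiplier to the nls maximum character size (NLS_MAX_CHARSET_SIZE) rather than a literal 4 is worth considering. Suggested comment above the kzalloc: `/* length is in UCS-2 units; nls conversion may widen each to several bytes, so reserve 4 per unit plus room for the terminator (kzalloc zero-fills it) */`. CIFSTCon starts and ends outside this hunk.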