linux/fs
Steve French 133672efbc [CIFS] Fix buffer overflow if server sends corrupt response to small request

In SendReceive() function in transport.c - it memcpy's
message payload into a buffer passed via out_buf param. The function
assumes that all buffers are of size (CIFSMaxBufSize +
MAX_CIFS_HDR_SIZE), unfortunately it is also called with smaller
(MAX_CIFS_SMALL_BUFFER_SIZE) buffers.  There are eight callers
(SMB worker functions) which are primarily affected by this change:

TreeDisconnect, uLogoff, Close, findClose, SetFileSize, SetFileTimes,
Lock and PosixLock

CC: Dave Kleikamp <shaggy@austin.ibm.com>
CC: Przemyslaw Wegrzyn <czajnik@czajsoft.pl>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-11-13 22:41:37 +00:00
..
9p 9p: use copy of the options value instead of original 2007-11-06 08:02:53 -06:00
adfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
affs fs: mark nibblemap const 2007-10-17 08:42:47 -07:00
afs fs/afs/vlocation.c: fix off-by-one 2007-11-05 15:12:32 -08:00
autofs Use task_pid_nr() instead of pid_nr(task_pid()) 2007-10-19 11:53:43 -07:00
autofs4 pid namespaces: round up the API 2007-10-19 11:53:37 -07:00
befs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
bfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
cifs [CIFS] Fix buffer overflow if server sends corrupt response to small 2007-11-13 22:41:37 +00:00
coda pid namespaces: round up the API 2007-10-19 11:53:37 -07:00
configfs r/o bind mounts: filesystem helpers for custom 'struct file's 2007-10-17 08:43:04 -07:00
cramfs fs/cramfs/inode.c: replace hardcoded value with preprocessor constant 2007-10-18 14:37:29 -07:00
debugfs [PATCH] pass dentry to audit_inode()/audit_inode_child() 2007-10-21 02:37:18 -04:00
devpts
dlm [DLM] lowcomms: Do not muck with sysctl_rmem_max. 2007-11-07 04:11:42 -08:00
ecryptfs eCryptfs: release mutex on hash error path 2007-11-05 15:12:33 -08:00
efs exportfs: make struct export_operations const 2007-10-22 08:13:21 -07:00
exportfs exportfs: update documentation 2007-10-22 08:13:21 -07:00
ext2 Revert "ext2/ext3/ext4: add block bitmap validation" 2007-11-13 08:09:11 -08:00
ext3 Revert "ext2/ext3/ext4: add block bitmap validation" 2007-11-13 08:09:11 -08:00
ext4 Revert "ext2/ext3/ext4: add block bitmap validation" 2007-11-13 08:09:11 -08:00
fat exportfs: make struct export_operations const 2007-10-22 08:13:21 -07:00
freevxfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
fuse fuse: add blksize field to fuse_attr 2007-10-18 14:37:31 -07:00
gfs2 exportfs: make struct export_operations const 2007-10-22 08:13:21 -07:00
hfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
hfsplus Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
hostfs uml: fix hostfs style 2007-10-16 09:43:07 -07:00
hpfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
hppfs
hugetlbfs r/o bind mounts: filesystem helpers for custom 'struct file's 2007-10-17 08:43:04 -07:00
isofs exportfs: make struct export_operations const 2007-10-22 08:13:21 -07:00
jbd JBD: Fix JBD warnings when compiling with CONFIG_JBD_DEBUG 2007-10-19 11:53:35 -07:00
jbd2 JBD2: debug code cleanup. 2007-10-17 18:49:59 -04:00
jffs2 [JFFS2] Prevent return of initialised variable in jffs2_init_acl_post() 2007-10-27 10:36:44 -04:00
jfs exportfs: make struct export_operations const 2007-10-22 08:13:21 -07:00
lockd NFS/SUNRPC: use transport protocol naming 2007-10-09 17:17:53 -04:00
minix limit minixfs printks on corrupted dir i_size 2007-10-17 08:42:53 -07:00
msdos
ncpfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
nfs NFS: Fix for bug in handling of errors for O_DIRECT writes 2007-10-23 16:41:21 -07:00
nfs_common
nfsd nfsd4: recheck for secure ports in fh_verify 2007-11-12 14:28:08 -08:00
nls sparse pointer use of zero as null 2007-10-18 14:37:31 -07:00
ntfs NTFS: Fix read regression. 2007-11-03 12:27:21 -07:00
ocfs2 [NET]: Add the helper kernel_sock_shutdown() 2007-11-12 18:10:39 -08:00
openpromfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
partitions fs/partitions/sun.c endianness annotations 2007-10-14 12:41:51 -07:00
proc [NET]: Move unneeded data to initdata section. 2007-11-13 03:23:50 -08:00
qnx4 Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
ramfs Remove valueless definition of hard-selected RAMFS option 2007-10-17 08:42:56 -07:00
reiserfs exportfs: make struct export_operations const 2007-10-22 08:13:21 -07:00
romfs fs/romfs/inode.c: trivial improvements 2007-10-17 08:42:47 -07:00
smbfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
sysfs sysfs: make sysfs_{get,put}_active() static 2007-10-30 21:52:33 -07:00
sysv Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
udf fs/udf/balloc.c: mark a variable as uninitialized_var() 2007-10-17 08:43:00 -07:00
ufs revert "ufs: Fix mount check in ufs_fill_super()" 2007-10-30 08:06:55 -07:00
vfat
xfs exportfs: make struct export_operations const 2007-10-22 08:13:21 -07:00
aio.c Remove struct task_struct::io_wait 2007-10-18 14:37:20 -07:00
anon_inodes.c anon-inodes use open coded atomic_inc for the shared inode 2007-10-17 08:43:00 -07:00
attr.c VFS: make notify_change pass ATTR_KILL_S*ID to setattr operations 2007-10-18 14:37:22 -07:00
bad_inode.c
binfmt_aout.c core_pattern: ignore RLIMIT_CORE if core_pattern is a pipe 2007-10-17 08:42:50 -07:00
binfmt_elf_fdpic.c pid namespaces: changes to show virtual ids to user 2007-10-19 11:53:40 -07:00
binfmt_elf.c pid namespaces: changes to show virtual ids to user 2007-10-19 11:53:40 -07:00
binfmt_em86.c Convert files to UTF-8 and some cleanups 2007-10-19 23:21:04 +02:00
binfmt_flat.c binfmt_flat: warning fixes 2007-10-17 08:42:54 -07:00
binfmt_misc.c Convert files to UTF-8 and some cleanups 2007-10-19 23:21:04 +02:00
binfmt_script.c Convert files to UTF-8 and some cleanups 2007-10-19 23:21:04 +02:00
binfmt_som.c core_pattern: ignore RLIMIT_CORE if core_pattern is a pipe 2007-10-17 08:42:50 -07:00
bio.c bio: make freeing of ->bi_io_vec conditional in bio_free() 2007-10-16 11:03:52 +02:00
block_dev.c Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
buffer.c nobh: nobh_write_end fix 2007-10-21 08:54:05 -07:00
char_dev.c mm: bdi init hooks 2007-10-17 08:42:45 -07:00
compat_ioctl.c [COMPAT]: Fix new dev_ifname32 returning -EFAULT 2007-10-30 21:29:42 -07:00
compat.c mm: variable length argument support 2007-07-19 10:04:45 -07:00
dcache.c dcache: don't expose uninitialized memory in /proc/<pid>/fd/<fd> 2007-10-22 08:13:18 -07:00
dcookies.c Remove fs.h from mm.h 2007-07-29 17:09:29 -07:00
direct-io.c remove ZERO_PAGE 2007-10-16 09:42:53 -07:00
dnotify.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
dquot.c quota: send messages via netlink 2007-10-17 08:42:56 -07:00
drop_caches.c invalidate_mapping_pages(): add cond_resched 2007-07-16 09:05:36 -07:00
eventfd.c
eventpoll.c fs/eventpoll.c: use list_for_each_entry() instead of list_for_each() 2007-10-19 11:53:38 -07:00
exec.c core dump: remain dumpable 2007-11-12 10:32:29 -08:00
fcntl.c pid namespaces: changes to show virtual ids to user 2007-10-19 11:53:40 -07:00
fifo.c
file_table.c fs/file_table.c: use list_for_each_entry() instead of list_for_each() 2007-10-19 11:53:38 -07:00
file.c
filesystems.c
fs-writeback.c Use helpers to obtain task pid in printks 2007-10-19 11:53:43 -07:00
generic_acl.c Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check 2007-07-17 12:00:03 -07:00
inode.c introduce I_SYNC 2007-10-17 08:43:02 -07:00
inotify_user.c change inotifyfs magic as the same magic is used for futexfs 2007-10-17 08:43:00 -07:00
inotify.c [PATCH] new helper - inotify_evict_watch() 2007-10-21 02:37:38 -04:00
internal.h
ioctl.c drop obsolete sys_ioctl export 2007-07-16 09:05:48 -07:00
ioprio.c ioprio: allow sys_ioprio_set() value of 0 to reset ioprio setting 2007-11-07 13:54:07 +01:00
Kconfig Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6 2007-11-12 11:11:39 -08:00
Kconfig.binfmt
libfs.c exportfs: add new methods 2007-10-22 08:13:19 -07:00
locks.c locks: fix possible infinite loop in posix deadlock detection 2007-10-30 09:04:18 -07:00
Makefile Remove valueless definition of hard-selected RAMFS option 2007-10-17 08:42:56 -07:00
mbcache.c fs: Fix to correct the mbcache entries counter 2007-10-25 15:18:29 -07:00
mpage.c mm: buffered write cleanup 2007-10-16 09:42:54 -07:00
namei.c [PATCH] pass dentry to audit_inode()/audit_inode_child() 2007-10-21 02:37:18 -04:00
namespace.c [PATCH] new helpers - collect_mounts() and release_collected_mounts() 2007-10-21 02:37:25 -04:00
nfsctl.c nfsctl: use vfs_path_lookup 2007-07-19 10:04:45 -07:00
no-block.c
open.c [PATCH] pass dentry to audit_inode()/audit_inode_child() 2007-10-21 02:37:18 -04:00
pipe.c sched: affine sync wakeups 2007-10-15 17:00:19 +02:00
pnode.c
pnode.h [PATCH] new helpers - collect_mounts() and release_collected_mounts() 2007-10-21 02:37:25 -04:00
posix_acl.c
quota_v1.c
quota_v2.c
quota.c [IA64] Fix build failure in fs/quota.c 2007-07-27 15:40:13 -07:00
read_write.c Cleanup macros for distinguishing mandatory locks 2007-10-09 18:32:46 -04:00
read_write.h
readdir.c
select.c fs/select, remove unused macros 2007-10-19 11:53:41 -07:00
seq_file.c [FS] seq_file: Introduce the seq_open_private() 2007-10-10 16:55:33 -07:00
signalfd.c rename signalfd_siginfo fields 2007-10-17 08:43:01 -07:00
splice.c Implement file posix capabilities 2007-10-17 08:43:07 -07:00
stack.c
stat.c
super.c Convert files to UTF-8 and some cleanups 2007-10-19 23:21:04 +02:00
sync.c
timerfd.c make timerfd return a u64 and fix the __put_user 2007-07-26 11:35:17 -07:00
utimes.c VFS: check nanoseconds in utimensat 2007-10-17 08:42:52 -07:00
xattr_acl.c
xattr.c [PATCH] pass dentry to audit_inode()/audit_inode_child() 2007-10-21 02:37:18 -04:00