From patchwork Tue Oct 4 14:59:49 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [lucid/fsl-imx51, maverick/ti-omap4, CVE, 1/2] cifs: always do is_path_accessible check in cifs_mount Date: Tue, 04 Oct 2011 04:59:49 -0000 From: Andy Whitcroft X-Patchwork-Id: 117645 Message-Id: <1317740391-16788-2-git-send-email-apw@canonical.com> To: kernel-team@lists.ubuntu.com Cc: Andy Whitcroft From: Jeff Layton Currently, we skip doing the is_path_accessible check in cifs_mount if there is no prefixpath. I have a report of at least one server however that allows a TREE_CONNECT to a share that has a DFS referral at its root. The reporter in this case was using a UNC that had no prefixpath, so the is_path_accessible check was not triggered and the box later hit a BUG() because we were chasing a DFS referral on the root dentry for the mount. This patch fixes this by removing the check for a zero-length prefixpath. That should make the is_path_accessible check be done in this situation and should allow the client to chase the DFS referral at mount time instead. Cc: stable@kernel.org Reported-and-Tested-by: Yogesh Sharma Signed-off-by: Jeff Layton Signed-off-by: Steve French (cherry picked from commit 70945643722ffeac779d2529a348f99567fa5c33) CVE-2011-3363 BugLink: http://bugs.launchpad.net/bugs/866034 Signed-off-by: Andy Whitcroft --- fs/cifs/connect.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 08a44ca..f4e13d6 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -2512,7 +2512,7 @@ try_mount_again: remote_path_check: /* check if a whole path (including prepath) is not remote */ - if (!rc && cifs_sb->prepathlen && tcon) { + if (!rc && tcon) { /* build_path_to_root works only when we have a valid tcon */ full_path = cifs_build_path_to_root(cifs_sb); if (full_path == NULL) {