| Message ID | 1370901873-12800-1-git-send-email-kamal@canonical.com |
|---|---|
| State | New |
| Headers | show |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index f7199b9..c70d31a 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -3316,8 +3316,8 @@ build_unc_path_to_root(const struct smb_vol *vol, pos = full_path + unc_len; if (pplen) { - *pos++ = CIFS_DIR_SEP(cifs_sb); - strncpy(pos, vol->prepath, pplen); + *pos = CIFS_DIR_SEP(cifs_sb); + strncpy(pos + 1, vol->prepath, pplen); pos += pplen; }
This is a note to let you know that I have just added a patch titled cifs: fix off-by-one bug in build_unc_path_to_root to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue This patch is scheduled to be released in version 3.8.13.3. If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.8.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Kamal ------ From ca99527f894ceb174ac9c7fc32a6f832d282d761 Mon Sep 17 00:00:00 2001 From: Jeff Layton <jlayton@redhat.com> Date: Fri, 31 May 2013 10:00:18 -0400 Subject: cifs: fix off-by-one bug in build_unc_path_to_root commit 1fc29bacedeabb278080e31bb9c1ecb49f143c3b upstream. commit 839db3d10a (cifs: fix up handling of prefixpath= option) changed the code such that the vol->prepath no longer contained a leading delimiter and then fixed up the places that accessed that field to account for that change. One spot in build_unc_path_to_root was missed however. When doing the pointer addition on pos, that patch failed to account for the fact that we had already incremented "pos" by one when adding the length of the prepath. This caused a buffer overrun by one byte. This patch fixes the problem by correcting the handling of "pos". Reported-by: Marcus Moeller <marcus.moeller@gmx.ch> Reported-by: Ken Fallon <ken.fallon@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com> --- fs/cifs/connect.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 1.8.1.2