mirror of https://gitee.com/openkylin/linux.git
cifs_dbg() outputs an uninitialized buffer in cifs_readdir()
In some cases tmp_bug can be not filled in cifs_filldir and stay uninitialized, therefore its printk with "%s" modifier can leak content of kernelspace memory. If old content of this buffer does not contain '\0' access bejond end of allocated object can crash the host. Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Signed-off-by: Steve French <sfrench@localhost.localdomain> CC: Stable <stable@vger.kernel.org>
This commit is contained in:
parent
820962dc70
commit
01b9b0b286
|
@ -847,6 +847,7 @@ int cifs_readdir(struct file *file, struct dir_context *ctx)
|
|||
* if buggy server returns . and .. late do we want to
|
||||
* check for that here?
|
||||
*/
|
||||
*tmp_buf = 0;
|
||||
rc = cifs_filldir(current_entry, file, ctx,
|
||||
tmp_buf, max_len);
|
||||
if (rc) {
|
||||
|
|
Loading…
Reference in New Issue