3.2.77-rc1 review patch. If anyone has any objections, please let me know.
------------------ From: Vasily Averin <[email protected]> commit 01b9b0b28626db4a47d7f48744d70abca9914ef1 upstream. In some cases tmp_bug can be not filled in cifs_filldir and stay uninitialized, therefore its printk with "%s" modifier can leak content of kernelspace memory. If old content of this buffer does not contain '\0' access bejond end of allocated object can crash the host. Signed-off-by: Vasily Averin <[email protected]> Signed-off-by: Steve French <[email protected]> [bwh: Backported to 3.2: adjust context] Signed-off-by: Ben Hutchings <[email protected]> --- fs/cifs/readdir.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/cifs/readdir.c +++ b/fs/cifs/readdir.c @@ -823,6 +823,7 @@ int cifs_readdir(struct file *file, void } /* if buggy server returns . and .. late do we want to check for that here? */ + *tmp_buf = 0; rc = cifs_filldir(current_entry, file, filldir, direntry, tmp_buf, max_len); if (rc == -EOVERFLOW) {
