Yes, there are two issues that got mixed up in this single bug report.

1) strcat

Imho there are not many ways strcat could overflow in that single function. My patch (especially the strncpy()) should fix the buffer overflow and thereby my initial issue. Your solution still had that strcat overflow (see #15).

2) null pointer dereference (and everything else)

Pavel already wrote "The patch itself is fine but I think we have a bigger problem here".
https://patchwork.kernel.org/patch/10931327/#22623923

Regarding your patch: You only used mutex_lock() in smb21_set_oplock_level(). What about other functions changing (or removing) that locked cinode? Does the kernel protect against this, or does mutex_lock() have to be used in any function operating on cinode?

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1824981

Title:
  cifs set_oplock buffer overflow in strcat

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824981/+subscriptions

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
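Added example, not from the bug report or from the kernel's cifs code: a constructed user-space model of the strcat pattern the report describes, where oplock flag names are concatenated into a fixed-size buffer. The flag bits, names, and DESC_LEN are invented for illustration; the point is the length check that an unbounded strcat() chain lacks, and a bounded builder that reports truncation instead of writing past the buffer.

```c
#include <stdio.h>
#include <string.h>

#define DESC_LEN 16   /* deliberately small so the overflow case is reachable */

/* Constructed flag bits and names; not the kernel's oplock definitions. */
#define F_READ   0x1u
#define F_HANDLE 0x2u
#define F_WRITE  0x4u

static const struct { unsigned bit; const char *name; } names[] = {
    { F_READ, "READ" }, { F_HANDLE, "HANDLE" }, { F_WRITE, "WRITE" },
};
#define NNAMES (sizeof names / sizeof names[0])

/* Bytes a strcat() chain of the selected names (joined by '|') would write,
 * including the terminating NUL. Anything above DESC_LEN is an overflow. */
size_t oplock_desc_needed(unsigned flags)
{
    size_t n = 1;                         /* terminator */
    for (size_t i = 0; i < NNAMES; i++)
        if (flags & names[i].bit)
            n += strlen(names[i].name) + (n > 1 ? 1 : 0);   /* name + '|' */
    return n;
}

/* Bounded builder: every append is limited to the remaining space, and a
 * truncated append returns -1 with the buffer restored to the last complete
 * state, so the caller sees the failure instead of corrupted memory. */
int oplock_desc_build(char *buf, size_t len, unsigned flags)
{
    size_t used = 0;
    if (len == 0)
        return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < NNAMES; i++) {
        if (!(flags & names[i].bit))
            continue;
        int w = snprintf(buf + used, len - used, "%s%s",
                         used ? "|" : "", names[i].name);
        if (w < 0 || (size_t)w >= len - used) {
            buf[used] = '\0';             /* drop the partial append */
            return -1;
        }
        used += (size_t)w;
    }
    return 0;
}
```

With DESC_LEN 16, "READ|HANDLE" fits (12 bytes) while "READ|HANDLE|WRITE" needs 18 and is rejected rather than spilling over.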
