commit
01b9b0b28626db4a47d7f48744d70abca9914ef1 upstream.
In some cases tmp_bug can be not filled in cifs_filldir and stay uninitialized,
therefore its printk with "%s" modifier can leak content of kernelspace memory.
If old content of this buffer does not contain '\0' access bejond end of
allocated object can crash the host.
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Steve French <sfrench@localhost.localdomain>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
}
/* if buggy server returns . and .. late do
we want to check for that here? */
}
/* if buggy server returns . and .. late do
we want to check for that here? */
rc = cifs_filldir(current_entry, file,
filldir, direntry, tmp_buf, max_len);
if (rc == -EOVERFLOW) {
rc = cifs_filldir(current_entry, file,
filldir, direntry, tmp_buf, max_len);
if (rc == -EOVERFLOW) {