3.13.11-ckt34 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------ From: Vasily Averin <[email protected]> commit 01b9b0b28626db4a47d7f48744d70abca9914ef1 upstream. In some cases tmp_bug can be not filled in cifs_filldir and stay uninitialized, therefore its printk with "%s" modifier can leak content of kernelspace memory. If old content of this buffer does not contain '\0' access bejond end of allocated object can crash the host. Signed-off-by: Vasily Averin <[email protected]> Signed-off-by: Steve French <[email protected]> Signed-off-by: Kamal Mostafa <[email protected]> --- fs/cifs/readdir.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c index e327a92..5454aff 100644 --- a/fs/cifs/readdir.c +++ b/fs/cifs/readdir.c @@ -849,6 +849,7 @@ int cifs_readdir(struct file *file, struct dir_context *ctx) * if buggy server returns . and .. late do we want to * check for that here? */ + *tmp_buf = 0; rc = cifs_filldir(current_entry, file, ctx, tmp_buf, max_len); if (rc) { -- 1.9.1
