diff options
author | Steve French <smfrench@austin.rr.com> | 2005-04-28 22:41:08 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-04-28 22:41:08 -0700 |
commit | 09d1db5c6131232f764046160c29118cd4e5e646 (patch) | |
tree | 198d0b03c0afa7974cd6dcea4e711351f4e056eb /fs/cifs/readdir.c | |
parent | 966ca9234754ece58870075972ef103e354de075 (diff) | |
download | op-kernel-dev-09d1db5c6131232f764046160c29118cd4e5e646.zip op-kernel-dev-09d1db5c6131232f764046160c29118cd4e5e646.tar.gz |
[PATCH] cifs: improve check for search entry going beyond end of SMB transact
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/cifs/readdir.c')
-rw-r--r-- | fs/cifs/readdir.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c index 39170cf..2255771 100644 --- a/fs/cifs/readdir.c +++ b/fs/cifs/readdir.c @@ -409,10 +409,15 @@ static char *nxt_dir_entry(char *old_entry, char *end_of_smb) cFYI(1,("new entry %p old entry %p",new_entry,old_entry)); /* validate that new_entry is not past end of SMB */ if(new_entry >= end_of_smb) { - cFYI(1,("search entry %p began after end of SMB %p old entry %p", - new_entry,end_of_smb,old_entry)); + cERROR(1, + ("search entry %p began after end of SMB %p old entry %p", + new_entry, end_of_smb, old_entry)); return NULL; - } else + } else if (new_entry + sizeof(FILE_DIRECTORY_INFO) > end_of_smb) { + cERROR(1,("search entry %p extends after end of SMB %p", + new_entry, end_of_smb)); + return NULL; + } else return new_entry; } |