Unverified Commit 25340e11 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!15749 CVE-2025-21963 && CVE-2025-21964 

Merge Pull Request from: @ci-robot 
 
PR sync from: Li Lingfeng <lilingfeng3@huawei.com>
https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/C6P2Z3DXSNNAQKTGL4AIHXZJVXBPJXMX/ 
CVE-2025-21963 && CVE-2025-21964

Murad Masimov (2):
  cifs: Fix integer overflow while processing acregmax mount option
  cifs: Fix integer overflow while processing acdirmax mount option

 
https://gitee.com/src-openeuler/kernel/issues/IBY44A
https://gitee.com/src-openeuler/kernel/issues/IBY42B 
 
Link:https://gitee.com/openeuler/kernel/pulls/15749

 

Reviewed-by: default avatarZhang Peng <zhangpeng362@huawei.com>
Signed-off-by: default avatarZhang Peng <zhangpeng362@huawei.com>
parents 70d4c93a ba271ca4

fs/smb/client/fs_context.c

+4 −4
Original line number Diff line number Diff line
@@ -1262,18 +1262,18 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, 
		}

		break;

	case Opt_acregmax:

		ctx->acregmax = HZ * result.uint_32;

		if (ctx->acregmax > CIFS_MAX_ACTIMEO) {

		if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {

			cifs_errorf(fc, "acregmax too large\n");

			goto cifs_parse_mount_err;

		}

		ctx->acregmax = HZ * result.uint_32;

		break;

	case Opt_acdirmax:

		ctx->acdirmax = HZ * result.uint_32;

		if (ctx->acdirmax > CIFS_MAX_ACTIMEO) {

		if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {

			cifs_errorf(fc, "acdirmax too large\n");

			goto cifs_parse_mount_err;

		}

		ctx->acdirmax = HZ * result.uint_32;

		break;

	case Opt_actimeo:

		if (HZ * result.uint_32 > CIFS_MAX_ACTIMEO) {