Unverified Commit c67d418d authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!12551 cifs: Fix buffer overflow when parsing NFS reparse points 

Merge Pull Request from: @ci-robot 
 
PR sync from: Long Li <leo.lilong@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/6KMNND37J6ZHTQ57AWDEOEQHSTRMVGGW/ 
 
https://gitee.com/src-openeuler/kernel/issues/IAYRA3 
 
Link:https://gitee.com/openeuler/kernel/pulls/12551

 

Reviewed-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parents dd61f73e 4029e1ea

fs/cifs/smb2ops.c

+6 −0
Original line number Diff line number Diff line
@@ -2809,6 +2809,12 @@ parse_reparse_posix(struct reparse_posix_data *symlink_buf, 


	/* See MS-FSCC 2.1.2.6 for the 'NFS' style reparse tags */

	len = le16_to_cpu(symlink_buf->ReparseDataLength);

	if (len < sizeof(symlink_buf->InodeType)) {

		cifs_dbg(VFS, "srv returned malformed nfs buffer\n");

		return -EIO;

	}



	len -= sizeof(symlink_buf->InodeType);



	if (le64_to_cpu(symlink_buf->InodeType) != NFS_SPECFILE_LNK) {

		cifs_dbg(VFS, "%lld not a supported symlink type\n",