Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-12 23:23:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

cifs: Check for UTF-16 null codepoint in SFU symlink target location

Browse Source 
Check that read buffer of SFU symlink target location does not contain
UTF-16 null codepoint (via UniStrnlen() call) because Linux cannot process
symlink with null byte, it truncates everything in buffer after null byte.

Fixes: cf2ce67345 ("cifs: Add support for reading SFU symlink location")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
This commit is contained in:
Pali Rohár 2024-09-27 20:20:39 +02:00 committed by Steve French
parent 9852d85ec9
commit a9023656bc
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
fs/smb/client/inode.c
View File

@ -629,10 +629,16 @@ cifs_sfu_type(struct cifs_fattr *fattr, const char *path,
&symlink_len_utf16,
&symlink_buf_utf16,
&buf_type);
/*
* Check that read buffer has valid length and does not
* contain UTF-16 null codepoint (via UniStrnlen() call)
* because Linux cannot process symlink with null byte.
*/
if ((rc == 0) &&
(symlink_len_utf16 > 0) &&
(symlink_len_utf16 < fattr->cf_eof-8 + 1) &&
(symlink_len_utf16 % 2 == 0)) {
(symlink_len_utf16 % 2 == 0) &&
(UniStrnlen((wchar_t *)symlink_buf_utf16, symlink_len_utf16/2) == symlink_len_utf16/2)) {
fattr->cf_symlink_target =
cifs_strndup_from_utf16(symlink_buf_utf16,
symlink_len_utf16,