]> www.infradead.org Git - users/jedix/linux-maple.git/commitdiff
projects / users / jedix / linux-maple.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9852d85)
cifs: Check for UTF-16 null codepoint in SFU symlink target location
authorPali Rohár <pali@kernel.org>
Fri, 27 Sep 2024 18:20:39 +0000 (20:20 +0200)
committerSteve French <stfrench@microsoft.com>
Sun, 29 Sep 2024 22:28:40 +0000 (17:28 -0500)
Check that read buffer of SFU symlink target location does not contain
UTF-16 null codepoint (via UniStrnlen() call) because Linux cannot process
symlink with null byte, it truncates everything in buffer after null byte.

Fixes: cf2ce67345d6 ("cifs: Add support for reading SFU symlink location")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/client/inode.c patch | blob | history

diff --git a/fs/smb/client/inode.c b/fs/smb/client/inode.c
index 647f9bedd9fc44c9225f2494c6913a795c2fd6ad..eff3f57235eef3212fa9f7e510335baeecda4485 100644 (file)
--- a/fs/smb/client/inode.c
+++ b/fs/smb/client/inode.c
@@ -629,10 +629,16 @@ cifs_sfu_type(struct cifs_fattr *fattr, const char *path,
                                                                               &symlink_len_utf16,
                                                                               &symlink_buf_utf16,
                                                                               &buf_type);
+                                       /*
+                                        * Check that read buffer has valid length and does not
+                                        * contain UTF-16 null codepoint (via UniStrnlen() call)
+                                        * because Linux cannot process symlink with null byte.
+                                        */
                                        if ((rc == 0) &&
                                            (symlink_len_utf16 > 0) &&
                                            (symlink_len_utf16 < fattr->cf_eof-8 + 1) &&
-                                           (symlink_len_utf16 % 2 == 0)) {
+                                           (symlink_len_utf16 % 2 == 0) &&
+                                           (UniStrnlen((wchar_t *)symlink_buf_utf16, symlink_len_utf16/2) == symlink_len_utf16/2)) {
                                                fattr->cf_symlink_target =
                                                        cifs_strndup_from_utf16(symlink_buf_utf16,
                                                                                symlink_len_utf16,
Unnamed repository; edit this file 'description' to name the repository.