mirror of
https://github.com/torvalds/linux.git
synced 2024-11-21 19:41:42 +00:00
cifs: Check for UTF-16 null codepoint in SFU symlink target location
Check that read buffer of SFU symlink target location does not contain
UTF-16 null codepoint (via UniStrnlen() call) because Linux cannot process
symlink with null byte, it truncates everything in buffer after null byte.
Fixes: cf2ce67345
("cifs: Add support for reading SFU symlink location")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
This commit is contained in:
parent
9852d85ec9
commit
a9023656bc
@ -629,10 +629,16 @@ cifs_sfu_type(struct cifs_fattr *fattr, const char *path,
|
||||
&symlink_len_utf16,
|
||||
&symlink_buf_utf16,
|
||||
&buf_type);
|
||||
/*
|
||||
* Check that read buffer has valid length and does not
|
||||
* contain UTF-16 null codepoint (via UniStrnlen() call)
|
||||
* because Linux cannot process symlink with null byte.
|
||||
*/
|
||||
if ((rc == 0) &&
|
||||
(symlink_len_utf16 > 0) &&
|
||||
(symlink_len_utf16 < fattr->cf_eof-8 + 1) &&
|
||||
(symlink_len_utf16 % 2 == 0)) {
|
||||
(symlink_len_utf16 % 2 == 0) &&
|
||||
(UniStrnlen((wchar_t *)symlink_buf_utf16, symlink_len_utf16/2) == symlink_len_utf16/2)) {
|
||||
fattr->cf_symlink_target =
|
||||
cifs_strndup_from_utf16(symlink_buf_utf16,
|
||||
symlink_len_utf16,
|
||||
|
Loading…
Reference in New Issue
Block a user