releases/3.3.6/fs-cifs-fix-parsing-of-dfs-referrals.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From d8f2799b105a24bb0bbd3380a0d56e6348484058 Mon Sep 17 00:00:00 2001
 From: Stefan Metzmacher <metze@samba.org>
 Date: Fri, 4 May 2012 00:19:28 +0200
 Subject: fs/cifs: fix parsing of dfs referrals
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

 From: Stefan Metzmacher <metze@samba.org>

 commit d8f2799b105a24bb0bbd3380a0d56e6348484058 upstream.

 The problem was that the first referral was parsed more than once
 and so the caller tried the same referrals multiple times.

 The problem was introduced partly by commit
 066ce6899484d9026acd6ba3a8dbbedb33d7ae1b,
 where 'ref += le16_to_cpu(ref->Size);' got lost,
 but that was also wrong...

 Signed-off-by: Stefan Metzmacher <metze@samba.org>
 Tested-by: Björn Jacke <bj@sernet.de>
 Reviewed-by: Jeff Layton <jlayton@redhat.com>
 Signed-off-by: Steve French <sfrench@us.ibm.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  fs/cifs/cifssmb.c |    6 +++++-
  1 file changed, 5 insertions(+), 1 deletion(-)

 --- a/fs/cifs/cifssmb.c
 +++ b/fs/cifs/cifssmb.c
 @@ -4831,8 +4831,12 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS
  		max_len = data_end - temp;
  		node->node_name = cifs_strndup_from_utf16(temp, max_len,
  						is_unicode, nls_codepage);
 -		if (!node->node_name)
 +		if (!node->node_name) {
  			rc = -ENOMEM;
 +			goto parse_DFS_referrals_exit;
 +		}
 +
 +		ref++;
  	}

  parse_DFS_referrals_exit:
	From d8f2799b105a24bb0bbd3380a0d56e6348484058 Mon Sep 17 00:00:00 2001
	From: Stefan Metzmacher <metze@samba.org>
	Date: Fri, 4 May 2012 00:19:28 +0200
	Subject: fs/cifs: fix parsing of dfs referrals
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	From: Stefan Metzmacher <metze@samba.org>

	commit d8f2799b105a24bb0bbd3380a0d56e6348484058 upstream.

	The problem was that the first referral was parsed more than once
	and so the caller tried the same referrals multiple times.

	The problem was introduced partly by commit
	066ce6899484d9026acd6ba3a8dbbedb33d7ae1b,
	where 'ref += le16_to_cpu(ref->Size);' got lost,
	but that was also wrong...

	Signed-off-by: Stefan Metzmacher <metze@samba.org>
	Tested-by: Björn Jacke <bj@sernet.de>
	Reviewed-by: Jeff Layton <jlayton@redhat.com>
	Signed-off-by: Steve French <sfrench@us.ibm.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	fs/cifs/cifssmb.c \| 6 +++++-
	1 file changed, 5 insertions(+), 1 deletion(-)

	--- a/fs/cifs/cifssmb.c
	+++ b/fs/cifs/cifssmb.c
	@@ -4831,8 +4831,12 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS
	max_len = data_end - temp;
	node->node_name = cifs_strndup_from_utf16(temp, max_len,
	is_unicode, nls_codepage);
	- if (!node->node_name)
	+ if (!node->node_name) {
	rc = -ENOMEM;
	+ goto parse_DFS_referrals_exit;
	+ }
	+
	+ ref++;
	}

	parse_DFS_referrals_exit: