Commit a9023656 authored by Pali Rohár's avatar Pali Rohár Committed by Steve French
Browse files

cifs: Check for UTF-16 null codepoint in SFU symlink target location 



Check that read buffer of SFU symlink target location does not contain
UTF-16 null codepoint (via UniStrnlen() call) because Linux cannot process
symlink with null byte, it truncates everything in buffer after null byte.

Fixes: cf2ce673 ("cifs: Add support for reading SFU symlink location")
Signed-off-by: default avatarPali Rohár <pali@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent 9852d85e

fs/smb/client/inode.c

+7 −1
Original line number Diff line number Diff line
@@ -629,10 +629,16 @@ cifs_sfu_type(struct cifs_fattr *fattr, const char *path, 
									       &symlink_len_utf16,

									       &symlink_buf_utf16,

									       &buf_type);

					/*

					 * Check that read buffer has valid length and does not

					 * contain UTF-16 null codepoint (via UniStrnlen() call)

					 * because Linux cannot process symlink with null byte.

					 */

					if ((rc == 0) &&

					    (symlink_len_utf16 > 0) &&

					    (symlink_len_utf16 < fattr->cf_eof-8 + 1) &&

					    (symlink_len_utf16 % 2 == 0)) {

					    (symlink_len_utf16 % 2 == 0) &&

					    (UniStrnlen((wchar_t *)symlink_buf_utf16, symlink_len_utf16/2) == symlink_len_utf16/2)) {

						fattr->cf_symlink_target =

							cifs_strndup_from_utf16(symlink_buf_utf16,

										symlink_len_utf16,