http://bugzilla.novell.com/show_bug.cgi?id=492282
User meissner@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=492282#c2
Marcus Meissner changed:
What    |Removed                      |Added
----------------------------------------------------------------------------
Summary |fs/cifs/connect.c silent fix |VUL-0: kernel: fs/cifs/connect.c silent fix
--- Comment #2 from Marcus Meissner 2009-04-05 04:00:58 MDT ---
I already mailed oss-sec and security@kernel.org.
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.29.y.git;a=commit...
Fixes a kmalloc area overflow in CIFS; the number of overwritten bytes
depends on the codepage converted to.
The data seems to come from a remote generated reply blob even, correct
me if I am wrong. :/
Checking our enterprise distro kernels it seems to cover most of the
2.6 kernel range...
2.6.27 has the same code, 2.6.16 too, 2.6.5 too.
And I wonder if "len*2" is sufficient, can't a UCS -> UTF8 conversion
generate more than 2 byte utf-8 characters for 1 ucs character?
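The sizing question raised in comment #2, as an added example (not code from the kernel, the patch, or the comment's author): it computes the exact UTF-8 size for a run of 16-bit UCS-2 code units and converts with a bounds check. It assumes a UTF-8 target codepage and BMP-only input; the function names and the sample string are constructed for illustration. A code unit at U+0800 or above needs 3 bytes, so a factor of 2 only covers the worst case if the length being doubled counts input bytes rather than 16-bit units, which the page does not show.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: four U+20AC (euro sign) code units = 8 input bytes. */
static const uint16_t sample[] = { 0x20AC, 0x20AC, 0x20AC, 0x20AC };

/* UTF-8 bytes needed for one UCS-2 code unit (BMP only, no surrogates). */
static size_t utf8_len_ucs2(uint16_t c)
{
    if (c < 0x80)  return 1;
    if (c < 0x800) return 2;
    return 3;                       /* U+0800..U+FFFF */
}

/* Exact UTF-8 size for n code units, excluding the NUL terminator. */
size_t utf8_size_needed(const uint16_t *src, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += utf8_len_ucs2(src[i]);
    return total;
}

/* Bounded conversion. Never writes past dst_size bytes (NUL included).
 * Returns bytes written excluding NUL, or -1 if dst is too small. */
long ucs2_to_utf8(const uint16_t *src, size_t n,
                  unsigned char *dst, size_t dst_size)
{
    size_t o = 0;
    if (dst_size == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        uint16_t c = src[i];
        size_t need = utf8_len_ucs2(c);
        if (need > dst_size - 1 - o)    /* keep one byte for the NUL */
            return -1;
        if (need == 1) {
            dst[o++] = (unsigned char)c;
        } else if (need == 2) {
            dst[o++] = (unsigned char)(0xC0 | (c >> 6));
            dst[o++] = (unsigned char)(0x80 | (c & 0x3F));
        } else {
            dst[o++] = (unsigned char)(0xE0 | (c >> 12));
            dst[o++] = (unsigned char)(0x80 | ((c >> 6) & 0x3F));
            dst[o++] = (unsigned char)(0x80 | (c & 0x3F));
        }
    }
    dst[o] = '\0';
    return (long)o;
}
```

For the sample, 4 code units need 12 bytes plus the terminator: a buffer of 2 bytes per code unit is rejected, while 2 bytes per input byte (16) would fit.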