    [PATCH] smbfs protocol fixes · a1aa2098
    Stefan Esser authored
    From: <Urban.Widmark@enlight.net>
    
    The memset is because it was previously possible to always send the same CIFS
    fragment and use this to increase the data counters.  When the data counter
    "exceeds" the amount of bytes expected this will return the buffer only
    partially initialised...  With findfirst etc. requests this should allow
    leaking kernel memory content.
    
    The other thing is that the data is only returned when data_tot and parm_tot
    both "exceed" the expected values.  Previously it was possible to create a
    sequence of CIFS fragments that allowed exceeding the counters.  The calling
    functions then would believe they received a number of bytes that does not fit
    into the allocated buffer.
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
request.c 19.8 KB
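As an added illustration, not the patch itself and not smbfs code: a small C model of reassembling a transaction response so that a replayed fragment cannot inflate the received-byte counters, a piece that does not fit the announced total is refused, and the buffers are zero-filled before use, which are the three properties the commit message describes. The struct, field and function names are assumptions, as is the constructed two-fragment scenario.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Reassembly state for one transaction response (field names are assumptions). */
struct trans_ctx {
	uint8_t *parm, *data;      /* zero-filled up front, so a short result never exposes stale bytes */
	size_t parm_tot, data_tot; /* totals announced by the server */
	size_t parm_cnt, data_cnt; /* highest offset filled so far, not a running sum of fragment sizes */
};
static int init_ctx(struct trans_ctx *c, size_t parm_tot, size_t data_tot)
{
	*c = (struct trans_ctx){ .parm_tot = parm_tot, .data_tot = data_tot };
	c->parm = calloc(parm_tot + 1, 1); /* zeroing here plays the role of the memset in the fix */
	c->data = calloc(data_tot + 1, 1);
	return (c->parm && c->data) ? 0 : -1;
}
/* Place one piece of a fragment, refusing anything that does not fit the announced total. */
static int place(uint8_t *dst, size_t tot, size_t *cnt, size_t disp, size_t len, const uint8_t *src)
{
	if (disp > tot || len > tot - disp) /* phrased so that disp + len cannot wrap */
		return -1;
	memcpy(dst + disp, src, len);
	if (disp + len > *cnt)              /* a replayed fragment leaves the counter unchanged */
		*cnt = disp + len;
	return 0;
}
/* 1: both totals reached, hand the buffers over; 0: more fragments needed; -1: fragment rejected. */
static int add_fragment(struct trans_ctx *c, size_t pdisp, size_t plen, const uint8_t *p,
			size_t ddisp, size_t dlen, const uint8_t *d)
{
	if (place(c->parm, c->parm_tot, &c->parm_cnt, pdisp, plen, p)) return -1;
	if (place(c->data, c->data_tot, &c->data_cnt, ddisp, dlen, d)) return -1;
	return (c->parm_cnt == c->parm_tot && c->data_cnt == c->data_tot) ? 1 : 0;
}
/* Constructed scenario (4 parameter bytes, 8 data bytes, two fragments); returns first failing step or 0. */
static int run_demo(void)
{
	static const uint8_t p[4] = {1, 2, 3, 4}, d[8] = {5, 6, 7, 8, 9, 10, 11, 12};
	struct trans_ctx c;
	int r = 0;
	if (init_ctx(&c, 4, 8))                                return 1;
	if (add_fragment(&c, 0, 4, p, 0, 4, d) != 0)           r = 2; /* half the data: not complete */
	else if (add_fragment(&c, 0, 4, p, 0, 4, d) != 0)      r = 3; /* same fragment replayed: still not */
	else if (c.data_cnt != 4)                              r = 4; /* and the counter did not grow */
	else if (add_fragment(&c, 0, 0, p, 6, 4, d) != -1)     r = 5; /* 6 + 4 > 8: rejected, nothing written */
	else if (add_fragment(&c, 0, 0, p, 4, 4, d + 4) != 1)  r = 6; /* both totals now reached */
	else if (memcmp(c.parm, p, 4) || memcmp(c.data, d, 8)) r = 7; /* reassembled contents are right */
	free(c.parm);
	free(c.data);
	return r;
}
```

The caller only gets the buffers when `add_fragment` returns 1, so it can never be told it received more bytes than it allocated.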