• cifs: fix crash querying symlinks stored as reparse-points · 5de254dc
    Ronnie Sahlberg authored
    We never parsed/returned any data from .get_link() when the object is a Windows reparse-point
    containing a symlink. This results in the VFS layer oopsing accessing an uninitialized buffer:
    
    ...
    [  171.407172] Call Trace:
    [  171.408039]  readlink_copy+0x29/0x70
    [  171.408872]  vfs_readlink+0xc1/0x1f0
    [  171.409709]  ? readlink_copy+0x70/0x70
    [  171.410565]  ? simple_attr_release+0x30/0x30
    [  171.411446]  ? getname_flags+0x105/0x2a0
    [  171.412231]  do_readlinkat+0x1b7/0x1e0
    [  171.412938]  ? __ia32_compat_sys_newfstat+0x30/0x30
    ...
    
    Fix this by adding code to handle these buffers and make sure we do return a valid buffer
    to .get_link()
    
    CC: Stable <stable@vger.kernel.org>
    Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
    Signed-off-by: Steve French <stfrench@microsoft.com>
smb2pdu.h 46.3 KB