Sophie

kernel-2.6.18-238.el5.src.rpm

From: Jeff Layton <jlayton@redhat.com>
Subject: [RHEL5.1 PATCH] CIFS: Fix oops when Windows server sends bad domain name null terminator (BZ 224359)
Date: Mon, 23 Apr 2007 13:16:28 -0400
Bugzilla: 224359
Message-Id: <20070423171626.GA24895@dantu.rdu.redhat.com>
Changelog: [CIFS] Windows server bad domain name null terminator fix


This bug and patch were cloned from an FC6 bug. Apparently, some Windows
servers do not send the correct terminator for unicode domain names in a
session setup response. Under certain conditions (that I've not been able
to determine) they send a single NULL byte instead of two. This
throws off the CIFS client parsing of the session setup response and ultimately
leads to a panic that looks like the ones in this FC6 BZ:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211672

I've not heard of anyone reporting this issue in RHEL5, but the code there
appears to have the same bug. This patch reportedly fixed this problem for
several people running fedora kernels. While I don't have a way to really
reproduce this, a couple of IBM employees (including the CIFS maintainer)
have recommended that we include this patch in RHEL5.

ACKs or comments appreciated...

commit 8e6f195af0e1f226e9b2e0256af8df46adb9d595
Author: Steve French <sfrench@us.ibm.com>

    [CIFS] Fix oops when Windows server sent bad domain name null terminator
    
    Fixes RedHat bug 211672
    
    Windows sends one byte (instead of two) of null to terminate final Unicode
    string (domain name) in session setup response in some cases - this caused
    cifs to misalign some informational strings (making it hard to convert
    from UCS16 to UTF8).
    
    Thanks to Shaggy for his help and Akemi Yagi for debugging/testing
    
    Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
    Signed-off-by: Steve French <sfrench@us.ibm.com>

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index bbdda99..7584646 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -182,11 +182,14 @@ static int decode_unicode_ssetup(char ** pbcc_area, int bleft, struct cifsSesInf
 	cFYI(1,("bleft %d",bleft));
 
 
-	/* word align, if bytes remaining is not even */
-	if(bleft % 2) {
-		bleft--;
-		data++;
-	}
+	/* SMB header is unaligned, so cifs servers word align start of
+	   Unicode strings */
+	data++;
+	bleft--; /* Windows servers do not always double null terminate
+		    their final Unicode string - in which case we
+		    now will not attempt to decode the byte of junk
+		    which follows it */
+		    
 	words_left = bleft / 2;
 
 	/* save off server operating system */
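Review bot: the unconditional `data++; bleft--;` at the top of the hunk runs with no check that `bleft` is at least 1, so a response whose byte-count area is empty leaves `bleft` at -1 (`words_left = bleft / 2` then evaluates to 0, so nothing is decoded, but a negative remaining count is fragile for any later arithmetic on it); an explicit `if (bleft < 1)` early return before the adjustment would make the assumption visible. The replacement also drops the only data-driven alignment check (`bleft % 2`), so the new comment should say why a pad byte is always present at this point (the SMB header leaves the Unicode strings at an odd offset, as the first new comment hints), not only why the old check failed. Style: the comment trailing `bleft--;` would read better as a block comment above the two statements, and the added blank line after it carries trailing whitespace, which checkpatch flags.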
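The misalignment described in the message above, as an added example that is not part of the patch or of the cifs code: a constructed byte-count area (pad byte plus three UCS-2LE strings, final one terminated by either two null bytes or, as the quirky Windows servers do, one) is decoded with the pre-patch rule (skip the pad only when `bleft` is odd) and with the patched rule (always skip it). The string contents, the `put_ucs2`/`build_bcc`/`decode_first`/`demo` helpers and the ASCII-only assumption are all mine.

```c
#include <string.h>

/* Append s as UCS-2LE ending in two nulls, or one null when double_null is 0. */
static size_t put_ucs2(unsigned char *dst, const char *s, int double_null)
{
    size_t i, n = strlen(s);
    for (i = 0; i < n; i++) { dst[2 * i] = (unsigned char)s[i]; dst[2 * i + 1] = 0; }
    dst[2 * n] = dst[2 * n + 1] = 0;
    return 2 * n + (double_null ? 2 : 1);
}

/* Constructed byte-count area of a SESSION_SETUP_ANDX response (not a real
 * capture): pad byte, then UCS-2LE NativeOS, NativeLanMan, PrimaryDomain. */
static size_t build_bcc(unsigned char *buf, int final_double_null)
{
    size_t off = 0;
    buf[off++] = 0; /* pad byte that word-aligns the Unicode strings */
    off += put_ucs2(buf + off, "Windows 5.1", 1);
    off += put_ucs2(buf + off, "Windows 2000 LAN Manager", 1);
    off += put_ucs2(buf + off, "WORKGROUP", final_double_null); /* the Windows quirk */
    return off;
}

/* Decode the first (ASCII-content) string. always_skip_pad = 0: pre-patch rule
 * (skip pad only if bleft is odd); 1: patched rule. -1 = misaligned read. */
static int decode_first(const unsigned char *data, int bleft, int always_skip_pad,
                        char *out, size_t outlen)
{
    int words_left, n = 0;
    if (bleft < 1) return -1;
    if (always_skip_pad || (bleft % 2)) { data++; bleft--; }
    words_left = bleft / 2;
    while (words_left-- > 0) {
        unsigned char lo = data[0], hi = data[1];
        data += 2;
        if (lo == 0 && hi == 0) break;  /* UCS-2 terminator */
        if (hi != 0) return -1;         /* high byte set: we are off by one byte */
        if (n + 1 < (int)outlen) out[n++] = (char)lo;
    }
    out[n] = '\0';
    return n;
}

/* 11 when "Windows 5.1" is recovered, -1 when misaligned, -2 otherwise. */
int demo(int final_double_null, int always_skip_pad)
{
    unsigned char buf[128]; char out[64];
    int n = decode_first(buf, (int)build_bcc(buf, final_double_null), always_skip_pad, out, sizeof out);
    return (n > 0 && strcmp(out, "Windows 5.1") != 0) ? -2 : n;
}
```

With a single-null final string the area is an even number of bytes, so the old rule never skips the pad and reads every string one byte off; the patched rule decodes correctly in both cases.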