[PATCH] cifs: improve check for search entry going beyond end of SMB transact

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
index 39170cf..2255771 100644
--- a/fs/cifs/readdir.c
+++ b/fs/cifs/readdir.c
@@ -409,10 +409,15 @@
 	cFYI(1,("new entry %p old entry %p",new_entry,old_entry));
 	/* validate that new_entry is not past end of SMB */
 	if(new_entry >= end_of_smb) {
-		cFYI(1,("search entry %p began after end of SMB %p old entry %p",
-			new_entry,end_of_smb,old_entry)); 
+		cERROR(1,
+		      ("search entry %p began after end of SMB %p old entry %p",
+			new_entry, end_of_smb, old_entry)); 
 		return NULL;
-	} else
+	} else if (new_entry + sizeof(FILE_DIRECTORY_INFO) > end_of_smb) {
+		cERROR(1,("search entry %p extends after end of SMB %p",
+			new_entry, end_of_smb));
+		return NULL;
+	} else 
 		return new_entry;
 
 }
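Review bot: The new `else if` test proves only that the fixed part of a `FILE_DIRECTORY_INFO` fits before `end_of_smb`; it does not cover the server-supplied file name that follows those fields, nor any larger entry layout if this function also serves other info levels (not visible in the hunk). Unless the callers validate the name length against `end_of_smb` themselves, an entry from a malformed or hostile response can still be read past the end of the buffer, so I would at least record the limit next to the check: `/* only the fixed header is bounds-checked here; the name length must still be validated against end_of_smb */`. The comparison is also better written as a remaining-length test, `} else if ((size_t)(end_of_smb - new_entry) < sizeof(FILE_DIRECTORY_INFO)) {`, which is safe because the preceding branch already guarantees `new_entry < end_of_smb` and avoids forming a pointer beyond the buffer. That form assumes both are `char *`, which should be confirmed since the declarations and the start of the function lie outside the hunk.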