[CVE-2011-3363] avoid panic on null CIFS prefix

Andy Whitcroft apw at canonical.com
Tue Oct 4 14:59:48 UTC 2011


CVE-2011-3363
	Currently, we skip doing the is_path_accessible check in cifs_mount
	if there is no prefixpath. There is a report of at least one
	server however that allows a TREE_CONNECT to a share that has a
	DFS referral at its root. A UNC that had no prefixpath was used in
	that case, so the is_path_accessible check was not triggered and
	the box later hit a BUG() because we were chasing a DFS referral
	on the root dentry for the mount.

The primary fix is to reinstate the prefix check; however, this fix
attempts to utilise functionality not available in very old servers.
There is an additional fix to fall back to more primitive actions in this
case.
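The control-flow shape of the bug and of both fixes, as an added example for this mail rather than the kernel's own fs/cifs code: a constructed model server answers path queries, the "vulnerable" mount skips the accessibility check when there is no prefixpath and so only meets the root DFS referral later (modelled as a BUG() return), the "fixed" mount always checks, and the fallback query covers servers that do not support the newer path query. The struct, the error-code choices (-EREMOTE for a referral, -EOPNOTSUPP for an unsupported query) and all function names are assumptions of this model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a CIFS server as seen by mount code.
 * Hypothetical: not the kernel's structures. */
struct model_server {
	bool supports_qpathinfo;    /* false for very old servers */
	bool root_is_dfs_referral;  /* the share root is a DFS referral */
};

/* Models the kernel's BUG(): a crash, not a recoverable error. */
#define MODEL_BUG (-9999)

/* Newer path query. An empty path means the share root; everything
 * under a referral root is itself answered with a referral. */
static int model_qpathinfo(const struct model_server *srv, const char *path)
{
	(void)path;
	if (!srv->supports_qpathinfo)
		return -EOPNOTSUPP;
	if (srv->root_is_dfs_referral)
		return -EREMOTE;
	return 0;
}

/* Older query that every server understands (the fallback). */
static int model_queryinfo_legacy(const struct model_server *srv, const char *path)
{
	(void)path;
	return srv->root_is_dfs_referral ? -EREMOTE : 0;
}

/* Accessibility check with the additional fix: fall back to the
 * legacy query when the server rejects the newer one. */
int is_path_accessible(const struct model_server *srv, const char *full_path)
{
	int rc = model_qpathinfo(srv, full_path);
	if (rc == -EOPNOTSUPP || rc == -EINVAL)
		rc = model_queryinfo_legacy(srv, full_path);
	return rc;
}

/* Primary fix only: no fallback, so old servers cannot be mounted. */
int is_path_accessible_no_fallback(const struct model_server *srv, const char *full_path)
{
	return model_qpathinfo(srv, full_path);
}

typedef int (*path_check_fn)(const struct model_server *, const char *);

/* Shared mount skeleton. skip_check_without_prefix reproduces the
 * vulnerable behaviour; check selects which accessibility check runs. */
static int do_mount(const struct model_server *srv, const char *prefixpath,
		    bool skip_check_without_prefix, path_check_fn check)
{
	int rc = 0;

	if (prefixpath[0] != '\0' || !skip_check_without_prefix)
		rc = check(srv, prefixpath);
	if (rc == -EREMOTE)
		return -EREMOTE;   /* referral seen at mount time: caller walks it */
	if (rc != 0)
		return rc;         /* any other server error aborts the mount */

	/* With the check skipped, a referral at the root is first met while
	 * using the root dentry, which the kernel treats as impossible. */
	if (srv->root_is_dfs_referral)
		return MODEL_BUG;
	return 0;
}

int mount_vulnerable(const struct model_server *srv, const char *prefixpath)
{
	return do_mount(srv, prefixpath, true, is_path_accessible);
}

int mount_fixed(const struct model_server *srv, const char *prefixpath)
{
	return do_mount(srv, prefixpath, false, is_path_accessible);
}

int mount_fixed_no_fallback(const struct model_server *srv, const char *prefixpath)
{
	return do_mount(srv, prefixpath, false, is_path_accessible_no_fallback);
}

int main(void)
{
	struct model_server dfs_root = { true, true };   /* constructed */
	struct model_server old_server = { false, false }; /* constructed */

	printf("vulnerable, no prefix, DFS root: %d (BUG is %d)\n",
	       mount_vulnerable(&dfs_root, ""), MODEL_BUG);
	printf("fixed, no prefix, DFS root:      %d (-EREMOTE is %d)\n",
	       mount_fixed(&dfs_root, ""), -EREMOTE);
	printf("primary fix only, old server:    %d (-EOPNOTSUPP is %d)\n",
	       mount_fixed_no_fallback(&old_server, ""), -EOPNOTSUPP);
	printf("both fixes, old server:          %d\n",
	       mount_fixed(&old_server, ""));
	return 0;
}
```

The first two prints show why the primary fix matters (the referral is reported as -EREMOTE before any root dentry exists instead of crashing), and the last two show why the fallback is needed on servers that reject the newer query.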

The primary fix for this issue has hit most of our branches via
mainline and stable.  It is still required for lucid/fsl-imx51 and
maverick/ti-omap4.  The additional fix is required for lucid/fsl-imx51,
maverick/ti-omap4, maverick, and natty/ti-omap4.  Following this email are
two patch sets: one for lucid/fsl-imx51 and maverick/ti-omap4, the other for
maverick and natty/ti-omap4.  In all cases the patches are cherry-picks.

Proposing for lucid/fsl-imx51, maverick/ti-omap4, maverick, and
natty/ti-omap4.

-apw