APPLIED: [CVE-2011-3363] avoid panic on null CIFS prefix
Tim Gardner
tim.gardner at canonical.com
Tue Oct 4 17:45:57 UTC 2011
On 10/04/2011 08:59 AM, Andy Whitcroft wrote:
> CVE-2011-3363
> Currently, we skip doing the is_path_accessible check in cifs_mount
> if there is no prefixpath. There is a report of at least one
> server however that allows a TREE_CONNECT to a share that has a
> DFS referral at its root. UNC that had no prefixpath was used in
> that case, so the is_path_accessible check was not triggered and
> the box later hit a BUG() because we were chasing a DFS referral
> on the root dentry for the mount.
>
> The primary fix is to reinstate the prefix check, however this fix
> attempts to utilise functionality not available in very old servers.
> There is an additional fix to fall back to more primitive actions in this
> case.
>
> The primary fix for this issue has hit most of our branches via
> mainline and stable. It is still required for lucid/fsl-imx51 and
> maverick/ti-omap4. The additional fix is required for lucid/fsl-imx51,
> maverick/ti-omap4, maverick, and natty/ti-omap4. Following this email are
> two patch sets, one for lucid/fsl-imx51 and maverick/ti-omap4, the other for
> maverick and natty/ti-omap4. In all cases the patches are cherry-picks.
>
> Proposing for lucid/fsl-imx51, maverick/ti-omap4, maverick, and
> natty/ti-omap4.
>
> -apw
>
--
Tim Gardner tim.gardner at canonical.com