cifs: fix integer overflow in match_server() - kernel/linux.git

diff options

author	Roman Smirnov <r.smirnov@omp.ru>	2025-09-07 18:08:36 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-09-09 19:44:02 +0300
commit	1be4500cfa60c0d40576188f82c53cef03181b8a (patch)
tree	7c9a80c73169867fc98fe46802ad0f806b2d0361 /tools/perf/scripts/python/stackcollapse.py
parent	72c8557e0f446ad119c71b51ccef2098d5bbefbc (diff)
download	linux-1be4500cfa60c0d40576188f82c53cef03181b8a.tar.xz

cifs: fix integer overflow in match_server()

[ Upstream commit 2510859475d7f46ed7940db0853f3342bf1b65ee ] The echo_interval is not limited in any way during mounting, which makes it possible to write a large number to it. This can cause an overflow when multiplying ctx->echo_interval by HZ in match_server(). Add constraints for echo_interval to smb3_fs_context_parse_param(). Found by Linux Verification Center (linuxtesting.org) with Svace. Fixes: adfeb3e00e8e1 ("cifs: Make echo interval tunable") Cc: stable@vger.kernel.org Signed-off-by: Roman Smirnov <r.smirnov@omp.ru> Signed-off-by: Steve French <stfrench@microsoft.com> [ Adapted to older CIFS filesystem structure and mount option parsing ] Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'tools/perf/scripts/python/stackcollapse.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: