[PATCH 0/2] cifs: fix integer overflow in match_server()

From: Roman Smirnov
Date: Mon Mar 31 2025 - 04:23:45 EST

Next message: Roman Smirnov: "[PATCH 1/2] cifs: fix integer overflow in match_server()"
Previous message: Wolfram Sang: "Re: [PATCH 3/5] mmc: core: Convert into an enum for the poweroff-type for eMMC"
Next in thread: Roman Smirnov: "[PATCH 1/2] cifs: fix integer overflow in match_server()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If a large number is written to echo_interval during mount,
an integer overflow may occur in match_server():

smb3_fs_context_parse_param()

cifs_smb3_do_mount()
sget()
cifs_match_super()
match_server()

Found by Linux Verification Center (linuxtesting.org) with Svace.

Roman Smirnov (2):
cifs: fix integer overflow in match_server()
cifs: remove unreachable code in cifs_get_tcp_session()

fs/smb/client/connect.c | 6 +-----
fs/smb/client/fs_context.c | 5 +++++
2 files changed, 6 insertions(+), 5 deletions(-)

--
2.34.1

Next message: Roman Smirnov: "[PATCH 1/2] cifs: fix integer overflow in match_server()"
Previous message: Wolfram Sang: "Re: [PATCH 3/5] mmc: core: Convert into an enum for the poweroff-type for eMMC"
Next in thread: Roman Smirnov: "[PATCH 1/2] cifs: fix integer overflow in match_server()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]