From 91d065c47317cd5f6577fa077cca3383c8d9243d Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Tue, 26 Jul 2011 18:23:47 -0400 Subject: [PATCH] cifs: fix name parsing in CIFSSMBQAllEAs The code that matches EA names in CIFSSMBQAllEAs is incorrect. It uses strncmp to do the comparison with the length limited to the name_len sent in the response. Problem: Suppose we're looking for an attribute named "foobar" and have an attribute before it in the EA list named "foo". The comparison will succeed since we're only looking at the first 3 characters. Fix this by also comparing the length of the provided ea_name with the name_len in the response. If they're not equal then it shouldn't match. Reported-by: Jian Li Signed-off-by: Jeff Layton Reviewed-by: Pavel Shilovsky Signed-off-by: Steve French --- fs/cifs/cifssmb.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 1a9fe7f816d1..0580da1cf34c 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -5720,6 +5720,7 @@ CIFSSMBQAllEAs(const int xid, struct cifs_tcon *tcon, char *temp_ptr; char *end_of_smb; __u16 params, byte_count, data_offset; + unsigned int ea_name_len; cFYI(1, "In Query All EAs path %s", searchName); QAllEAsRetry: @@ -5814,6 +5815,10 @@ QAllEAsRetry: list_len -= 4; temp_fea = ea_response_data->list; temp_ptr = (char *)temp_fea; + + if (ea_name) + ea_name_len = strlen(ea_name); + while (list_len > 0) { unsigned int name_len; __u16 value_len; @@ -5837,7 +5842,8 @@ QAllEAsRetry: } if (ea_name) { - if (strncmp(ea_name, temp_ptr, name_len) == 0) { + if (ea_name_len == name_len && + strncmp(ea_name, temp_ptr, name_len) == 0) { temp_ptr += name_len + 1; rc = value_len; if (buf_size == 0) -- 2.20.1