Bug 2176 - [kernel oops] browsing a directory
Status: RESOLVED FIXED
Product: CifsVFS
Classification: Unclassified
Component: kernel fs
Version: 2.6
Hardware: All Linux
Importance: P3 critical
Assigned To: Steve French
Reported: 2004-12-21 00:09 UTC by Han, Donghoon
Modified: 2005-03-07 21:03 UTC (History)
Attachments
this patch prevents kernel oops with unicode directory entry (17.79 KB, patch)
2004-12-21 00:26 UTC, Han, Donghoon
this patch prevents kernel oops with unicode directory entry (15.29 KB, patch)
2004-12-21 00:50 UTC, Han, Donghoon
this file contains files with UTF-8 chars that will be converted as 3byte multibyte UTF-8 format (305 bytes, application/octet-stream)
2004-12-21 01:23 UTC, Han, Donghoon
cifs-unicode-to-mbcs-conversion-bof-fix (15.54 KB, patch)
2004-12-22 03:22 UTC, Han, Donghoon

Description Han, Donghoon 2004-12-21 00:09:51 UTC
When the directory contains UTF-8 characters that are converted to multibyte
UTF8 characters of 3 or more bytes, a kernel oops occurs.

This is because the code assumes that in-place WCHAR to CHAR conversion is safe.
When a WCHAR is converted, it can use 3 or more bytes; then a buffer overflow occurs.
As you can imagine, messed-up structures will end up with a page fault.

I have made modifications that work perfectly for me.
Please consult my attachments and contact me if you need any assistance.
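
The size mismatch described in this report, as an added example (not part of the report, the attached patches or the cifs code): a UTF-16LE name can need more bytes as UTF-8 than the source buffer holds, so the conversion writes to a separate buffer and checks its bound. The function names and the sample name are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: the Hangul syllables U+D55C U+AE00 as UTF-16LE (4 bytes). */
const uint8_t sample_name[] = { 0x5C, 0xD5, 0x00, 0xAE };

/* UTF-8 bytes needed for one BMP code unit (surrogate pairs are not handled). */
static size_t utf8_len(uint16_t wc)
{
    return wc < 0x80 ? 1 : wc < 0x800 ? 2 : 3;
}

/* Size of the UTF-8 form. In-place conversion is unsafe when this exceeds src_len. */
size_t utf8_size_needed(const uint8_t *src, size_t src_len)
{
    size_t need = 0;
    for (size_t i = 0; i + 1 < src_len; i += 2)
        need += utf8_len((uint16_t)(src[i] | src[i + 1] << 8));
    return need;
}

/* Convert into a separate buffer; returns bytes written, or -1 if dst is too small. */
long utf16le_to_utf8(const uint8_t *src, size_t src_len, char *dst, size_t dst_len)
{
    size_t o = 0;
    if (dst_len == 0)
        return -1;
    for (size_t i = 0; i + 1 < src_len; i += 2) {
        uint16_t wc = (uint16_t)(src[i] | src[i + 1] << 8);
        size_t n = utf8_len(wc);
        if (o + n + 1 > dst_len)      /* +1 reserves room for the terminator */
            return -1;
        if (n == 1) {
            dst[o++] = (char)wc;
        } else if (n == 2) {
            dst[o++] = (char)(0xC0 | (wc >> 6));
            dst[o++] = (char)(0x80 | (wc & 0x3F));
        } else {
            dst[o++] = (char)(0xE0 | (wc >> 12));
            dst[o++] = (char)(0x80 | ((wc >> 6) & 0x3F));
            dst[o++] = (char)(0x80 | (wc & 0x3F));
        }
    }
    dst[o] = '\0';
    return (long)o;
}
```

For the sample name, the 4-byte UTF-16LE input needs 6 bytes of UTF-8 plus a terminator, which is the growth an in-place conversion has no room for.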
Comment 1 Han, Donghoon 2004-12-21 00:26:12 UTC
Created attachment 850 [details]
this patch prevents kernel oops with unicode directory entry
Comment 2 Han, Donghoon 2004-12-21 00:47:31 UTC
Comment on attachment 850 [details]
this patch prevents kernel oops with unicode directory entry

This patch was generated from the wrong source tree.
Comment 3 Han, Donghoon 2004-12-21 00:50:04 UTC
Created attachment 851 [details]
this patch prevents kernel oops with unicode directory entry
Comment 4 Han, Donghoon 2004-12-21 00:51:05 UTC
Comment on attachment 851 [details]
this patch prevents kernel oops with unicode directory entry

This patch is a diff from the standard kernel.org source code.
Comment 5 Han, Donghoon 2004-12-21 01:23:21 UTC
Created attachment 852 [details]
this file contains files with UTF-8 chars that will be converted as 3byte multibyte UTF-8 format
Comment 6 Han, Donghoon 2004-12-21 02:25:24 UTC
Hey, I misunderstood Unicode and UTF-8 (only in terminology, I know what
they are ;) ).

By WCHAR or UTF-8, I mean Unicode.
By multibyte UTF-8, I mean UTF8 encoding.

By the way, I've done this on Fedora Core 3 with kernel 2.6.9-1.681_FC3smp.
nls-utf8.ko is loaded. Samba server version was 3.0.10, with unix extension
turned on.
I'll check if this patch works fine with unix extension turned off.
Comment 7 Han, Donghoon 2004-12-22 02:56:05 UTC
This patch works well without "unix extension" on the samba server.
This patch works well on kernel 2.6.10-rc3-bk14.
Comment 8 Han, Donghoon 2004-12-22 03:22:53 UTC
Created attachment 860 [details]
cifs-unicode-to-mbcs-conversion-bof-fix
Comment 9 Steve French 2004-12-22 21:47:36 UTC
I think the approach is ok in your patch, but the mainline code in 2.6.10pre I 
believe has already addressed this (the changes are in a new file 
fs/cifs/readdir.c) and in the process fixed two other problems with this 
routine.
Comment 10 Steve French 2005-03-07 21:03:38 UTC
Fixed in 2.6.10 (patches available on project page for a few earlier kernel 
versions)