diff options
| author | Insu Yun <wuninsu@gmail.com> | 2016-02-01 11:34:58 -0500 |
|---|---|---|
| committer | Steve French <smfrench@gmail.com> | 2016-02-10 19:04:56 -0500 |
| commit | f34d69c3e54908c97708d0d65075f7c6074fc87e (patch) | |
| tree | a474276b61cd22d01cfc53fa3d77f3f3153b245b | |
| parent | 997152f62751b7d16f1b864121c912fd19032bdf (diff) | |
cifs: fix potential overflow in cifs_compose_mount_options
In worst case, "ip=" + sb_mountdata + ipv6 can be copied into mountdata.
Therefore, for safe, it is better to add more size when allocating memory.
Signed-off-by: Insu Yun <wuninsu@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>
| -rw-r--r-- | fs/cifs/cifs_dfs_ref.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/cifs/cifs_dfs_ref.c b/fs/cifs/cifs_dfs_ref.c index 7dc886c9a78f..e956cba94338 100644 --- a/fs/cifs/cifs_dfs_ref.c +++ b/fs/cifs/cifs_dfs_ref.c | |||
| @@ -175,7 +175,7 @@ char *cifs_compose_mount_options(const char *sb_mountdata, | |||
| 175 | * string to the length of the original string to allow for worst case. | 175 | * string to the length of the original string to allow for worst case. |
| 176 | */ | 176 | */ |
| 177 | md_len = strlen(sb_mountdata) + INET6_ADDRSTRLEN; | 177 | md_len = strlen(sb_mountdata) + INET6_ADDRSTRLEN; |
| 178 | mountdata = kzalloc(md_len + 1, GFP_KERNEL); | 178 | mountdata = kzalloc(md_len + sizeof("ip=") + 1, GFP_KERNEL); |
| 179 | if (mountdata == NULL) { | 179 | if (mountdata == NULL) { |
| 180 | rc = -ENOMEM; | 180 | rc = -ENOMEM; |
| 181 | goto compose_mount_options_err; | 181 | goto compose_mount_options_err; |