cifs: fix handling of scopeid in cifs_convert_address

The code finds, the '%' sign in an ipv6 address and copies that to a buffer allocated on the stack. It then ignores that buffer, and passes 'pct' to simple_strtoul(), which doesn't work right because we're comparing 'endp' against a completely different string. Fix it by passing the correct pointer. While we're at it, this is a good candidate for conversion to strict_strtoul as well. Cc: stable@kernel.org Cc: David Howells <dhowells@redhat.com> Reported-by: BjÃ¶rn JACKE <bj@sernet.de> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
author: Jeff Layton <jlayton@redhat.com> 2011-02-16 09:34:16 -0500
committer: Steve French <sfrench@us.ibm.com> 2011-02-17 00:35:33 -0500
commit: 9616125611ee47693186533d76e403856a36b3c8 (patch)
tree: 4bbeff100868bd97bb1eea660838fde851602441
parent: a2640111d5edb3f4e6dd6089c0dbddc7590110b4 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c
index 8d9189f64477..79f641eeda30 100644
--- a/fs/cifs/netmisc.c
+++ b/fs/cifs/netmisc.c
@@ -170,7 +170,7 @@ cifs_convert_address(struct sockaddr *dst, const char *src, int len)
 {
        int rc, alen, slen;
        const char *pct;
-        char *endp, scope_id[13];
+        char scope_id[13];
        struct sockaddr_in *s4 = (struct sockaddr_in *) dst;
        struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) dst;
@@ -197,9 +197,9 @@ cifs_convert_address(struct sockaddr *dst, const char *src, int len)
                memcpy(scope_id, pct + 1, slen);
                scope_id[slen] = '\0';
-                s6->sin6_scope_id = (u32) simple_strtoul(pct, &endp, 0);
+                rc = strict_strtoul(scope_id, 0,
-                if (endp != scope_id + slen)
+                                        (unsigned long *)&s6->sin6_scope_id);
-                        return 0;
+                rc = (rc == 0) ? 1 : 0;
        }
        return rc;
author	Jeff Layton <jlayton@redhat.com>	2011-02-16 09:34:16 -0500
committer	Steve French <sfrench@us.ibm.com>	2011-02-17 00:35:33 -0500
commit	9616125611ee47693186533d76e403856a36b3c8 (patch)
tree	4bbeff100868bd97bb1eea660838fde851602441
parent	a2640111d5edb3f4e6dd6089c0dbddc7590110b4 (diff)

diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c index 8d9189f64477..79f641eeda30 100644 --- a/fs/cifs/netmisc.c +++ b/fs/cifs/netmisc.c
@@ -170,7 +170,7 @@ cifs_convert_address(struct sockaddr dst, const char src, int len)
170	{	170	{
171	int rc, alen, slen;	171	int rc, alen, slen;
172	const char *pct;	172	const char *pct;
173	char *endp, scope_id[13];	173	char scope_id[13];
174	struct sockaddr_in s4 = (struct sockaddr_in ) dst;	174	struct sockaddr_in s4 = (struct sockaddr_in ) dst;
175	struct sockaddr_in6 s6 = (struct sockaddr_in6 ) dst;	175	struct sockaddr_in6 s6 = (struct sockaddr_in6 ) dst;
176		176
@@ -197,9 +197,9 @@ cifs_convert_address(struct sockaddr dst, const char src, int len)
197	memcpy(scope_id, pct + 1, slen);	197	memcpy(scope_id, pct + 1, slen);
198	scope_id[slen] = '\0';	198	scope_id[slen] = '\0';
199		199
200	s6->sin6_scope_id = (u32) simple_strtoul(pct, &endp, 0);	200	rc = strict_strtoul(scope_id, 0,
201	if (endp != scope_id + slen)	201	(unsigned long *)&s6->sin6_scope_id);
202	return 0;	202	rc = (rc == 0) ? 1 : 0;
203	}	203	}
204		204
205	return rc;	205	return rc;