authorSuresh Jayaraman <sjayaraman@suse.de>2009-04-20 09:24:21 -0400
committerSteve French <sfrench@us.ibm.com>2009-04-20 15:58:06 -0400
commit968460ebd8006d55661dec0fb86712b40d71c413 (patch)
treedf76b9f2928e4c347a79a9837815d4a5a6e8c7cf
parentff6945279d45edd8f6b0a5ddb1ef16cecce3ea9c (diff)
cifs: Rename cifs_strncpy_to_host and fix buffer size
There is a possibility for the path_name and node_name buffers to overflow if they contain characters that are >2 bytes in the local charset. Resize the buffer allocation so as to avoid this possibility. Also, as pointed out by Jeff Layton, it would be appropriate to rename the function to cifs_strlcpy_to_host to reflect the fact that the copied string is always NULL terminated. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/cifssmb.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index a0845dc7b8a9..a02c43b3faf5 100644
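--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -88,29 +88,29 @@ static struct {
  * on failure - errno
  */
 static int
-cifs_strncpy_to_host(char **dst, const char *src, const int maxlen,
+cifs_strlcpy_to_host(char **dst, const char *src, const int maxlen,
  const bool is_unicode, const struct nls_table *nls_codepage)
 {
  int plen;
 
  if (is_unicode) {
  plen = UniStrnlen((wchar_t *)src, maxlen);
- *dst = kmalloc(plen + 2, GFP_KERNEL);
+ *dst = kmalloc((4 * plen) + 2, GFP_KERNEL);
  if (!*dst)
- goto cifs_strncpy_to_host_ErrExit;
+ goto cifs_strlcpy_to_host_ErrExit;
  cifs_strfromUCS_le(*dst, (__le16 *)src, plen, nls_codepage);
+ (*dst)[plen] = 0;
+ (*dst)[plen+1] = 0; /* needed for Unicode */
  } else {
  plen = strnlen(src, maxlen);
  *dst = kmalloc(plen + 2, GFP_KERNEL);
  if (!*dst)
- goto cifs_strncpy_to_host_ErrExit;
- strncpy(*dst, src, plen);
+ goto cifs_strlcpy_to_host_ErrExit;
+ strlcpy(*dst, src, plen);
  }
- (*dst)[plen] = 0;
- (*dst)[plen+1] = 0; /* harmless for ASCII case, needed for Unicode */
  return 0;
 
-cifs_strncpy_to_host_ErrExit:
+cifs_strlcpy_to_host_ErrExit:
  cERROR(1, ("Failed to allocate buffer for string\n"));
  return -ENOMEM;
 }
@@ -4029,7 +4029,7 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
  /* copy DfsPath */
  temp = (char *)ref + le16_to_cpu(ref->DfsPathOffset);
  max_len = data_end - temp;
- rc = cifs_strncpy_to_host(&(node->path_name), temp,
+ rc = cifs_strlcpy_to_host(&(node->path_name), temp,
  max_len, is_unicode, nls_codepage);
  if (rc)
  goto parse_DFS_referrals_exit;
@@ -4037,7 +4037,7 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
  /* copy link target UNC */
  temp = (char *)ref + le16_to_cpu(ref->NetworkAddressOffset);
  max_len = data_end - temp;
- rc = cifs_strncpy_to_host(&(node->node_name), temp,
+ rc = cifs_strlcpy_to_host(&(node->node_name), temp,
  max_len, is_unicode, nls_codepage);
  if (rc)
  goto parse_DFS_referrals_exit;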
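Review bot: In the first hunk the non-Unicode branch now calls `strlcpy(*dst, src, plen)`, and because strlcpy copies at most size-1 bytes and the explicit `(*dst)[plen] = 0` no longer runs on that path, the last character of every ASCII path_name/node_name is dropped; the size argument should be `plen + 1`. strlcpy also runs strlen() on `src`, so a server-supplied string with no NUL before `data_end` would be read past the `maxlen` bound that strnlen just enforced; `memcpy(*dst, src, plen); (*dst)[plen] = 0;` keeps the read bounded. In the Unicode branch the buffer grows to `(4 * plen) + 2` but the terminator is still written at index `plen`, a character count, which would cut off a converted string longer than plen bytes; terminating at the length returned by `cifs_strfromUCS_le` would avoid that, assuming it returns the converted byte count (not visible here). Separately, `max_len = data_end - temp` in the two parse_DFS_referrals hunks derives from a server-supplied offset with no visible check that `temp` lies before `data_end`; that function extends beyond the hunks, so confirm the offset is validated there before the value reaches `const int maxlen`.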