diff options
author | Suresh Jayaraman <sjayaraman@suse.de> | 2009-04-20 09:24:21 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2009-04-20 15:58:06 -0400 |
commit | 968460ebd8006d55661dec0fb86712b40d71c413 (patch) | |
tree | df76b9f2928e4c347a79a9837815d4a5a6e8c7cf | |
parent | ff6945279d45edd8f6b0a5ddb1ef16cecce3ea9c (diff) |
cifs: Rename cifs_strncpy_to_host and fix buffer size
There is a possibility for the path_name and node_name buffers to
overflow if they contain charcters that are >2 bytes in the local
charset. Resize the buffer allocation so to avoid this possibility.
Also, as pointed out by Jeff Layton, it would be appropriate to
rename the function to cifs_strlcpy_to_host to reflect the fact
that the copied string is always NULL terminated.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/cifssmb.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index a0845dc7b8a9..a02c43b3faf5 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
@@ -88,29 +88,29 @@ static struct { | |||
88 | * on failure - errno | 88 | * on failure - errno |
89 | */ | 89 | */ |
90 | static int | 90 | static int |
91 | cifs_strncpy_to_host(char **dst, const char *src, const int maxlen, | 91 | cifs_strlcpy_to_host(char **dst, const char *src, const int maxlen, |
92 | const bool is_unicode, const struct nls_table *nls_codepage) | 92 | const bool is_unicode, const struct nls_table *nls_codepage) |
93 | { | 93 | { |
94 | int plen; | 94 | int plen; |
95 | 95 | ||
96 | if (is_unicode) { | 96 | if (is_unicode) { |
97 | plen = UniStrnlen((wchar_t *)src, maxlen); | 97 | plen = UniStrnlen((wchar_t *)src, maxlen); |
98 | *dst = kmalloc(plen + 2, GFP_KERNEL); | 98 | *dst = kmalloc((4 * plen) + 2, GFP_KERNEL); |
99 | if (!*dst) | 99 | if (!*dst) |
100 | goto cifs_strncpy_to_host_ErrExit; | 100 | goto cifs_strlcpy_to_host_ErrExit; |
101 | cifs_strfromUCS_le(*dst, (__le16 *)src, plen, nls_codepage); | 101 | cifs_strfromUCS_le(*dst, (__le16 *)src, plen, nls_codepage); |
102 | (*dst)[plen] = 0; | ||
103 | (*dst)[plen+1] = 0; /* needed for Unicode */ | ||
102 | } else { | 104 | } else { |
103 | plen = strnlen(src, maxlen); | 105 | plen = strnlen(src, maxlen); |
104 | *dst = kmalloc(plen + 2, GFP_KERNEL); | 106 | *dst = kmalloc(plen + 2, GFP_KERNEL); |
105 | if (!*dst) | 107 | if (!*dst) |
106 | goto cifs_strncpy_to_host_ErrExit; | 108 | goto cifs_strlcpy_to_host_ErrExit; |
107 | strncpy(*dst, src, plen); | 109 | strlcpy(*dst, src, plen); |
108 | } | 110 | } |
109 | (*dst)[plen] = 0; | ||
110 | (*dst)[plen+1] = 0; /* harmless for ASCII case, needed for Unicode */ | ||
111 | return 0; | 111 | return 0; |
112 | 112 | ||
113 | cifs_strncpy_to_host_ErrExit: | 113 | cifs_strlcpy_to_host_ErrExit: |
114 | cERROR(1, ("Failed to allocate buffer for string\n")); | 114 | cERROR(1, ("Failed to allocate buffer for string\n")); |
115 | return -ENOMEM; | 115 | return -ENOMEM; |
116 | } | 116 | } |
@@ -4029,7 +4029,7 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr, | |||
4029 | /* copy DfsPath */ | 4029 | /* copy DfsPath */ |
4030 | temp = (char *)ref + le16_to_cpu(ref->DfsPathOffset); | 4030 | temp = (char *)ref + le16_to_cpu(ref->DfsPathOffset); |
4031 | max_len = data_end - temp; | 4031 | max_len = data_end - temp; |
4032 | rc = cifs_strncpy_to_host(&(node->path_name), temp, | 4032 | rc = cifs_strlcpy_to_host(&(node->path_name), temp, |
4033 | max_len, is_unicode, nls_codepage); | 4033 | max_len, is_unicode, nls_codepage); |
4034 | if (rc) | 4034 | if (rc) |
4035 | goto parse_DFS_referrals_exit; | 4035 | goto parse_DFS_referrals_exit; |
@@ -4037,7 +4037,7 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr, | |||
4037 | /* copy link target UNC */ | 4037 | /* copy link target UNC */ |
4038 | temp = (char *)ref + le16_to_cpu(ref->NetworkAddressOffset); | 4038 | temp = (char *)ref + le16_to_cpu(ref->NetworkAddressOffset); |
4039 | max_len = data_end - temp; | 4039 | max_len = data_end - temp; |
4040 | rc = cifs_strncpy_to_host(&(node->node_name), temp, | 4040 | rc = cifs_strlcpy_to_host(&(node->node_name), temp, |
4041 | max_len, is_unicode, nls_codepage); | 4041 | max_len, is_unicode, nls_codepage); |
4042 | if (rc) | 4042 | if (rc) |
4043 | goto parse_DFS_referrals_exit; | 4043 | goto parse_DFS_referrals_exit; |