diff options
| author | Chen Gang <gang.chen@asianux.com> | 2013-07-18 21:01:36 -0400 |
|---|---|---|
| committer | Steve French <smfrench@gmail.com> | 2013-07-31 00:54:40 -0400 |
| commit | 057d6332b24a4497c55a761c83c823eed9e3f23b (patch) | |
| tree | 15ad5c70288bc61084fd01c2f9b0db208d581c12 /fs/cifs/cifsencrypt.c | |
| parent | ecb2cf1a6b63825a258ff4fe0d7f3070fbe4676b (diff) | |
cifs: extend the buffer length enought for sprintf() using
For cifs_set_cifscreds() in "fs/cifs/connect.c", 'desc' buffer length
is 'CIFSCREDS_DESC_SIZE' (56 is less than 256), and 'ses->domainName'
length may be "255 + '\0'".
The related sprintf() may cause memory overflow, so need extend related
buffer enough to hold all things.
It is also necessary to be sure of 'ses->domainName' must be less than
256, and define the related macro instead of hard code number '256'.
Signed-off-by: Chen Gang <gang.chen@asianux.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Reviewed-by: Scott Lovenberg <scott.lovenberg@gmail.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'fs/cifs/cifsencrypt.c')
| -rw-r--r-- | fs/cifs/cifsencrypt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index 45e57cc38200..194f9cce5d83 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c | |||
| @@ -421,7 +421,7 @@ find_domain_name(struct cifs_ses *ses, const struct nls_table *nls_cp) | |||
| 421 | if (blobptr + attrsize > blobend) | 421 | if (blobptr + attrsize > blobend) |
| 422 | break; | 422 | break; |
| 423 | if (type == NTLMSSP_AV_NB_DOMAIN_NAME) { | 423 | if (type == NTLMSSP_AV_NB_DOMAIN_NAME) { |
| 424 | if (!attrsize) | 424 | if (!attrsize || attrsize >= CIFS_MAX_DOMAINNAME_LEN) |
| 425 | break; | 425 | break; |
| 426 | if (!ses->domainName) { | 426 | if (!ses->domainName) { |
| 427 | ses->domainName = | 427 | ses->domainName = |