[CIFS] Fix oops in cifs_strfromUCS_le mounting to servers which do not specify their OS

Fixes kernel bug #10451 http://bugzilla.kernel.org/show_bug.cgi?id=10451 Certain NAS appliances do not set the operating system or network operating system fields in the session setup response on the wire. cifs was oopsing on the unexpected zero length response fields (when trying to null terminate a zero length field). This fixes the oops. Acked-by: Jeff Layton <jlayton@redhat.com> CC: stable <stable@kernel.org> Signed-off-by: Steve French <sfrench@us.ibm.com>
author: Steve French <sfrench@us.ibm.com> 2009-02-16 20:29:40 -0500
committer: Steve French <sfrench@us.ibm.com> 2009-02-20 22:37:09 -0500
commit: 69765529d701c838df19ea1f5ad2f33a528261ae (patch)
tree: 229ce1fda799ac8f6553a87ed05516dd675b3eec /fs/cifs/sess.c
parent: 44f68fadd865bb288ebdcea2b602f0b1cab27a0c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 5f22de7b79a9..b234407a3007 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -228,7 +228,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
        kfree(ses->serverOS);
        /* UTF-8 string will not grow more than four times as big as UCS-16 */
-        ses->serverOS = kzalloc(4 * len, GFP_KERNEL);
+        ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
        if (ses->serverOS != NULL)
                cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);
        data += 2 * (len + 1);
@@ -241,7 +241,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
                return rc;
        kfree(ses->serverNOS);
-        ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */
+        ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
        if (ses->serverNOS != NULL) {
                cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,
                                   nls_cp);
author	Steve French <sfrench@us.ibm.com>	2009-02-16 20:29:40 -0500
committer	Steve French <sfrench@us.ibm.com>	2009-02-20 22:37:09 -0500
commit	69765529d701c838df19ea1f5ad2f33a528261ae (patch)
tree	229ce1fda799ac8f6553a87ed05516dd675b3eec /fs/cifs/sess.c
parent	44f68fadd865bb288ebdcea2b602f0b1cab27a0c (diff)

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 5f22de7b79a9..b234407a3007 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c
@@ -228,7 +228,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
228		228
229	kfree(ses->serverOS);	229	kfree(ses->serverOS);
230	/* UTF-8 string will not grow more than four times as big as UCS-16 */	230	/* UTF-8 string will not grow more than four times as big as UCS-16 */
231	ses->serverOS = kzalloc(4 * len, GFP_KERNEL);	231	ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
232	if (ses->serverOS != NULL)	232	if (ses->serverOS != NULL)
233	cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);	233	cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);
234	data += 2 * (len + 1);	234	data += 2 * (len + 1);
@@ -241,7 +241,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
241	return rc;	241	return rc;
242		242
243	kfree(ses->serverNOS);	243	kfree(ses->serverNOS);
244	ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */	244	ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
245	if (ses->serverNOS != NULL) {	245	if (ses->serverNOS != NULL) {
246	cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,	246	cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,
247	nls_cp);	247	nls_cp);