aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs/sess.c
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2009-02-16 20:29:40 -0500
committerSteve French <sfrench@us.ibm.com>2009-02-20 22:37:09 -0500
commit69765529d701c838df19ea1f5ad2f33a528261ae (patch)
tree229ce1fda799ac8f6553a87ed05516dd675b3eec /fs/cifs/sess.c
parent44f68fadd865bb288ebdcea2b602f0b1cab27a0c (diff)
[CIFS] Fix oops in cifs_strfromUCS_le mounting to servers which do not specify their OS
Fixes kernel bug #10451 http://bugzilla.kernel.org/show_bug.cgi?id=10451 Certain NAS appliances do not set the operating system or network operating system fields in the session setup response on the wire. cifs was oopsing on the unexpected zero length response fields (when trying to null terminate a zero length field). This fixes the oops. Acked-by: Jeff Layton <jlayton@redhat.com> CC: stable <stable@kernel.org> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/sess.c')
-rw-r--r--fs/cifs/sess.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 5f22de7b79a9..b234407a3007 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -228,7 +228,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
228 228
229 kfree(ses->serverOS); 229 kfree(ses->serverOS);
230 /* UTF-8 string will not grow more than four times as big as UCS-16 */ 230 /* UTF-8 string will not grow more than four times as big as UCS-16 */
231 ses->serverOS = kzalloc(4 * len, GFP_KERNEL); 231 ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
232 if (ses->serverOS != NULL) 232 if (ses->serverOS != NULL)
233 cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp); 233 cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);
234 data += 2 * (len + 1); 234 data += 2 * (len + 1);
@@ -241,7 +241,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
241 return rc; 241 return rc;
242 242
243 kfree(ses->serverNOS); 243 kfree(ses->serverNOS);
244 ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */ 244 ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
245 if (ses->serverNOS != NULL) { 245 if (ses->serverNOS != NULL) {
246 cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len, 246 cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,
247 nls_cp); 247 nls_cp);