diff options
author | Steve French <sfrench@us.ibm.com> | 2009-02-16 20:29:40 -0500 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2009-02-20 22:37:09 -0500 |
commit | 69765529d701c838df19ea1f5ad2f33a528261ae (patch) | |
tree | 229ce1fda799ac8f6553a87ed05516dd675b3eec /fs/cifs/sess.c | |
parent | 44f68fadd865bb288ebdcea2b602f0b1cab27a0c (diff) |
[CIFS] Fix oops in cifs_strfromUCS_le mounting to servers which do not specify their OS
Fixes kernel bug #10451 http://bugzilla.kernel.org/show_bug.cgi?id=10451
Certain NAS appliances do not set the operating system or network operating system
fields in the session setup response on the wire. cifs was oopsing on the unexpected
zero length response fields (when trying to null terminate a zero length field).
This fixes the oops.
Acked-by: Jeff Layton <jlayton@redhat.com>
CC: stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/sess.c')
-rw-r--r-- | fs/cifs/sess.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 5f22de7b79a9..b234407a3007 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
@@ -228,7 +228,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft, | |||
228 | 228 | ||
229 | kfree(ses->serverOS); | 229 | kfree(ses->serverOS); |
230 | /* UTF-8 string will not grow more than four times as big as UCS-16 */ | 230 | /* UTF-8 string will not grow more than four times as big as UCS-16 */ |
231 | ses->serverOS = kzalloc(4 * len, GFP_KERNEL); | 231 | ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL); |
232 | if (ses->serverOS != NULL) | 232 | if (ses->serverOS != NULL) |
233 | cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp); | 233 | cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp); |
234 | data += 2 * (len + 1); | 234 | data += 2 * (len + 1); |
@@ -241,7 +241,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft, | |||
241 | return rc; | 241 | return rc; |
242 | 242 | ||
243 | kfree(ses->serverNOS); | 243 | kfree(ses->serverNOS); |
244 | ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */ | 244 | ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL); |
245 | if (ses->serverNOS != NULL) { | 245 | if (ses->serverNOS != NULL) { |
246 | cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len, | 246 | cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len, |
247 | nls_cp); | 247 | nls_cp); |