diff options
| author | Ingo Molnar <mingo@elte.hu> | 2012-03-05 03:20:08 -0500 |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2012-03-05 03:20:08 -0500 |
| commit | 737f24bda723fdf89ecaacb99fa2bf5683c32799 (patch) | |
| tree | 35495fff3e9956679cb5468e74e6814c8e44ee66 /fs/cifs/sess.c | |
| parent | 8eedce996556d7d06522cd3a0e6069141c8dffe0 (diff) | |
| parent | b7c924274c456499264d1cfa3d44063bb11eb5db (diff) | |
Merge branch 'perf/urgent' into perf/core
Conflicts:
tools/perf/builtin-record.c
tools/perf/builtin-top.c
tools/perf/perf.h
tools/perf/util/top.h
Merge reason: resolve these cherry-picking conflicts.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'fs/cifs/sess.c')
| -rw-r--r-- | fs/cifs/sess.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index d85efad5765f..551d0c2b9736 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
| @@ -246,16 +246,15 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses, | |||
| 246 | /* copy user */ | 246 | /* copy user */ |
| 247 | /* BB what about null user mounts - check that we do this BB */ | 247 | /* BB what about null user mounts - check that we do this BB */ |
| 248 | /* copy user */ | 248 | /* copy user */ |
| 249 | if (ses->user_name != NULL) | 249 | if (ses->user_name != NULL) { |
| 250 | strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE); | 250 | strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE); |
| 251 | bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE); | ||
| 252 | } | ||
| 251 | /* else null user mount */ | 253 | /* else null user mount */ |
| 252 | |||
| 253 | bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE); | ||
| 254 | *bcc_ptr = 0; | 254 | *bcc_ptr = 0; |
| 255 | bcc_ptr++; /* account for null termination */ | 255 | bcc_ptr++; /* account for null termination */ |
| 256 | 256 | ||
| 257 | /* copy domain */ | 257 | /* copy domain */ |
| 258 | |||
| 259 | if (ses->domainName != NULL) { | 258 | if (ses->domainName != NULL) { |
| 260 | strncpy(bcc_ptr, ses->domainName, 256); | 259 | strncpy(bcc_ptr, ses->domainName, 256); |
| 261 | bcc_ptr += strnlen(ses->domainName, 256); | 260 | bcc_ptr += strnlen(ses->domainName, 256); |
| @@ -395,6 +394,10 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, | |||
| 395 | ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags); | 394 | ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags); |
| 396 | tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset); | 395 | tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset); |
| 397 | tilen = le16_to_cpu(pblob->TargetInfoArray.Length); | 396 | tilen = le16_to_cpu(pblob->TargetInfoArray.Length); |
| 397 | if (tioffset > blob_len || tioffset + tilen > blob_len) { | ||
| 398 | cERROR(1, "tioffset + tilen too high %u + %u", tioffset, tilen); | ||
| 399 | return -EINVAL; | ||
| 400 | } | ||
| 398 | if (tilen) { | 401 | if (tilen) { |
| 399 | ses->auth_key.response = kmalloc(tilen, GFP_KERNEL); | 402 | ses->auth_key.response = kmalloc(tilen, GFP_KERNEL); |
| 400 | if (!ses->auth_key.response) { | 403 | if (!ses->auth_key.response) { |