diff options
| author | Steve French <sfrench@us.ibm.com> | 2011-08-18 00:41:55 -0400 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2011-08-18 12:53:02 -0400 |
| commit | 13589c437daf4c8e429b3236c0b923de1c9420d8 (patch) | |
| tree | de72b74d9214b3ee04a6dcc7df934c29b3eed305 /fs | |
| parent | fa71f447065f676157ba6a2c121ba419818fc559 (diff) | |
[CIFS] possible memory corruption on mount
CIFS cleanup_volume_info_contents() looks like having a memory
corruption problem.
When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it
should not be kfree()-ed in cleanup_volume_info_contents().
Introduced in commit b946845a9dc523c759cae2b6a0f6827486c3221a
Signed-off-by: J.R. Okajima <hooanon05@yahoo.co.jp>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
CC: Stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/cifs/connect.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 80c2e3add3a2..633c246b6775 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
| @@ -2878,7 +2878,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info) | |||
| 2878 | kfree(volume_info->username); | 2878 | kfree(volume_info->username); |
| 2879 | kzfree(volume_info->password); | 2879 | kzfree(volume_info->password); |
| 2880 | kfree(volume_info->UNC); | 2880 | kfree(volume_info->UNC); |
| 2881 | kfree(volume_info->UNCip); | 2881 | if (volume_info->UNCip != volume_info->UNC + 2) |
| 2882 | kfree(volume_info->UNCip); | ||
| 2882 | kfree(volume_info->domainname); | 2883 | kfree(volume_info->domainname); |
| 2883 | kfree(volume_info->iocharset); | 2884 | kfree(volume_info->iocharset); |
| 2884 | kfree(volume_info->prepath); | 2885 | kfree(volume_info->prepath); |