1 files changed, 143 insertions, 62 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 0de3b5615a22..bacdef1546b7 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2214,9 +2214,58 @@ is_path_accessible(int xid, struct cifsTconInfo *tcon,
        return rc;
 }
+static void
+cleanup_volume_info(struct smb_vol **pvolume_info)
+{
+        struct smb_vol *volume_info;
+        if (!pvolume_info && !*pvolume_info)
+                return;
+        volume_info = *pvolume_info;
+        kzfree(volume_info->password);
+        kfree(volume_info->UNC);
+        kfree(volume_info->prepath);
+        kfree(volume_info);
+        *pvolume_info = NULL;
+        return;
+}
+#ifdef CONFIG_CIFS_DFS_UPCALL
+/* build_path_to_root returns full path to root when
+ * we do not have an exiting connection (tcon) */
+static char *
+build_unc_path_to_root(const struct smb_vol *volume_info,
+                const struct cifs_sb_info *cifs_sb)
+{
+        char *full_path;
+        int unc_len = strnlen(volume_info->UNC, MAX_TREE_SIZE + 1);
+        full_path = kmalloc(unc_len + cifs_sb->prepathlen + 1, GFP_KERNEL);
+        if (full_path == NULL)
+                return ERR_PTR(-ENOMEM);
+        strncpy(full_path, volume_info->UNC, unc_len);
+        if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) {
+                int i;
+                for (i = 0; i < unc_len; i++) {
+                        if (full_path[i] == '\\')
+                                full_path[i] = '/';
+                }
+        }
+        if (cifs_sb->prepathlen)
+                strncpy(full_path + unc_len, cifs_sb->prepath,
+                                cifs_sb->prepathlen);
+        full_path[unc_len + cifs_sb->prepathlen] = 0; /* add trailing null */
+        return full_path;
+}
+#endif
 int
 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
-           char *mount_data, const char *devname)
+                char *mount_data_global, const char *devname)
 {
        int rc = 0;
        int xid;
@@ -2225,6 +2274,13 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
        struct cifsTconInfo *tcon = NULL;
        struct TCP_Server_Info *srvTcp = NULL;
        char   *full_path;
+        char *mount_data = mount_data_global;
+#ifdef CONFIG_CIFS_DFS_UPCALL
+        struct dfs_info3_param *referrals = NULL;
+        unsigned int num_referrals = 0;
+try_mount_again:
+#endif
+        full_path = NULL;
        xid = GetXid();
@@ -2371,11 +2427,9 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
                                }
                        }
-                        /* check for null share name ie connect to dfs root */
                        if ((strchr(volume_info->UNC + 3, '\\') == NULL)
                            && (strchr(volume_info->UNC + 3, '/') == NULL)) {
-                                /* rc = connect_to_dfs_path(...) */
+                                cERROR(1, ("Missing share name"));
-                                cFYI(1, ("DFS root not supported"));
                                rc = -ENODEV;
                                goto mount_fail_check;
                        } else {
@@ -2392,7 +2446,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
                                }
                        }
                        if (rc)
-                                goto mount_fail_check;
+                                goto remote_path_check;
                        tcon->seal = volume_info->seal;
                        write_lock(&cifs_tcp_ses_lock);
                        list_add(&tcon->tcon_list, &pSesInfo->tcon_list);
@@ -2417,19 +2471,9 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
        /* BB FIXME fix time_gran to be larger for LANMAN sessions */
        sb->s_time_gran = 100;
-mount_fail_check:
+        if (rc)
-        /* on error free sesinfo and tcon struct if needed */
+                goto remote_path_check;
-        if (rc) {
-                /* If find_unc succeeded then rc == 0 so we can not end */
-                /* up accidently freeing someone elses tcon struct */
-                if (tcon)
-                        cifs_put_tcon(tcon);
-                else if (pSesInfo)
-                        cifs_put_smb_ses(pSesInfo);
-                else
-                        cifs_put_tcp_session(srvTcp);
-                goto out;
-        }
        cifs_sb->tcon = tcon;
        /* do not care if following two calls succeed - informational */
@@ -2461,7 +2505,9 @@ mount_fail_check:
                cifs_sb->rsize = min(cifs_sb->rsize,
                               (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
-        if (!rc && cifs_sb->prepathlen) {
+remote_path_check:
+        /* check if a whole path (including prepath) is not remote */
+        if (!rc && cifs_sb->prepathlen && tcon) {
                /* build_path_to_root works only when we have a valid tcon */
                full_path = cifs_build_path_to_root(cifs_sb);
                if (full_path == NULL) {
@@ -2469,31 +2515,79 @@ mount_fail_check:
                        goto mount_fail_check;
                }
                rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
-                if (rc) {
+                if (rc != -EREMOTE) {
-                        cERROR(1, ("Path %s in not accessible: %d",
-                                                full_path, rc));
                        kfree(full_path);
                        goto mount_fail_check;
                }
                kfree(full_path);
        }
+        /* get referral if needed */
+        if (rc == -EREMOTE) {
+#ifdef CONFIG_CIFS_DFS_UPCALL
+                /* convert forward to back slashes in prepath here if needed */
+                if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
+                        convert_delimiter(cifs_sb->prepath,
+                                        CIFS_DIR_SEP(cifs_sb));
+                full_path = build_unc_path_to_root(volume_info, cifs_sb);
+                if (IS_ERR(full_path)) {
+                        rc = PTR_ERR(full_path);
+                        goto mount_fail_check;
+                }
+                cFYI(1, ("Getting referral for: %s", full_path));
+                rc = get_dfs_path(xid, pSesInfo , full_path + 1,
+                        cifs_sb->local_nls, &num_referrals, &referrals,
+                        cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
+                if (!rc && num_referrals > 0) {
+                        char *fake_devname = NULL;
+                        if (mount_data != mount_data_global)
+                                kfree(mount_data);
+                        mount_data = cifs_compose_mount_options(
+                                        cifs_sb->mountdata, full_path + 1,
+                                        referrals, &fake_devname);
+                        kfree(fake_devname);
+                        free_dfs_info_array(referrals, num_referrals);
+                        if (tcon)
+                                cifs_put_tcon(tcon);
+                        else if (pSesInfo)
+                                cifs_put_smb_ses(pSesInfo);
+                        cleanup_volume_info(&volume_info);
+                        FreeXid(xid);
+                        kfree(full_path);
+                        goto try_mount_again;
+                }
+#else /* No DFS support, return error on mount */
+                rc = -EOPNOTSUPP;
+#endif
+        }
+mount_fail_check:
+        /* on error free sesinfo and tcon struct if needed */
+        if (rc) {
+                if (mount_data != mount_data_global)
+                        kfree(mount_data);
+                /* If find_unc succeeded then rc == 0 so we can not end */
+                /* up accidently freeing someone elses tcon struct */
+                if (tcon)
+                        cifs_put_tcon(tcon);
+                else if (pSesInfo)
+                        cifs_put_smb_ses(pSesInfo);
+                else
+                        cifs_put_tcp_session(srvTcp);
+                goto out;
+        }
        /* volume_info->password is freed above when existing session found
        (in which case it is not needed anymore) but when new sesion is created
        the password ptr is put in the new session structure (in which case the
        password will be freed at unmount time) */
 out:
        /* zero out password before freeing */
-        if (volume_info) {
+        cleanup_volume_info(&volume_info);
-                if (volume_info->password != NULL) {
-                        memset(volume_info->password, 0,
-                                strlen(volume_info->password));
-                        kfree(volume_info->password);
-                }
-                kfree(volume_info->UNC);
-                kfree(volume_info->prepath);
-                kfree(volume_info);
-        }
        FreeXid(xid);
        return rc;
 }
@@ -2673,8 +2767,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
 /* We look for obvious messed up bcc or strings in response so we do not go off
   the end since (at least) WIN2K and Windows XP have a major bug in not null
   terminating last Unicode string in response  */
-                                if (ses->serverOS)
+                                kfree(ses->serverOS);
-                                        kfree(ses->serverOS);
                                ses->serverOS = kzalloc(2 * (len + 1),
                                                        GFP_KERNEL);
                                if (ses->serverOS == NULL)
@@ -2710,8 +2803,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
                                                len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
                                /* last string is not always null terminated
                                   (for e.g. for Windows XP & 2000) */
-                                                if (ses->serverDomain)
+                                                kfree(ses->serverDomain);
-                                                        kfree(ses->serverDomain);
                                                ses->serverDomain =
                                                    kzalloc(2*(len+1),
                                                            GFP_KERNEL);
@@ -2725,8 +2817,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
                                                ses->serverDomain[1+(2*len)] = 0;
                                        } else { /* else no more room so create
                                                  dummy domain string */
-                                                if (ses->serverDomain)
+                                                kfree(ses->serverDomain);
-                                                        kfree(ses->serverDomain);
                                                ses->serverDomain =
                                                        kzalloc(2, GFP_KERNEL);
                                        }
@@ -2772,8 +2863,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
                                        bcc_ptr++;
                                        len = strnlen(bcc_ptr, 1024);
-                                        if (ses->serverDomain)
+                                        kfree(ses->serverDomain);
-                                                kfree(ses->serverDomain);
                                        ses->serverDomain = kzalloc(len + 1,
                                                                    GFP_KERNEL);
                                        if (ses->serverDomain == NULL)
@@ -3013,8 +3103,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
 /* We look for obvious messed up bcc or strings in response so we do not go off
   the end since (at least) WIN2K and Windows XP have a major bug in not null
   terminating last Unicode string in response  */
-                                        if (ses->serverOS)
+                                        kfree(ses->serverOS);
-                                                kfree(ses->serverOS);
                                        ses->serverOS =
                                            kzalloc(2 * (len + 1), GFP_KERNEL);
                                        cifs_strfromUCS_le(ses->serverOS,
@@ -3086,8 +3175,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
                                        if (((long) bcc_ptr + len) - (long)
                                            pByteArea(smb_buffer_response)
                                            <= BCC(smb_buffer_response)) {
-                                                if (ses->serverOS)
+                                                kfree(ses->serverOS);
-                                                        kfree(ses->serverOS);
                                                ses->serverOS =
                                                    kzalloc(len + 1,
                                                            GFP_KERNEL);
@@ -3414,8 +3502,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
 /* We look for obvious messed up bcc or strings in response so we do not go off
  the end since (at least) WIN2K and Windows XP have a major bug in not null
  terminating last Unicode string in response  */
-                                        if (ses->serverOS)
+                                        kfree(ses->serverOS);
-                                                kfree(ses->serverOS);
                                        ses->serverOS =
                                            kzalloc(2 * (len + 1), GFP_KERNEL);
                                        cifs_strfromUCS_le(ses->serverOS,
@@ -3448,8 +3535,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
                                                if (remaining_words > 0) {
                                                        len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
     /* last string not always null terminated (e.g. for Windows XP & 2000) */
-                                                        if (ses->serverDomain)
+                                                        kfree(ses->serverDomain);
-                                                                kfree(ses->serverDomain);
                                                        ses->serverDomain =
                                                            kzalloc(2 *
                                                                    (len +
@@ -3476,13 +3562,11 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
                                                            = 0;
                                                } /* else no more room so create dummy domain string */
                                                else {
-                                                        if (ses->serverDomain)
+                                                        kfree(ses->serverDomain);
-                                                                kfree(ses->serverDomain);
                                                        ses->serverDomain = kzalloc(2,GFP_KERNEL);
                                                }
                                        } else {  /* no room so create dummy domain and NOS string */
-                                                if (ses->serverDomain)
+                                                kfree(ses->serverDomain);
-                                                        kfree(ses->serverDomain);
                                                ses->serverDomain = kzalloc(2, GFP_KERNEL);
                                                kfree(ses->serverNOS);
                                                ses->serverNOS = kzalloc(2, GFP_KERNEL);
@@ -3492,8 +3576,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
                                        if (((long) bcc_ptr + len) -
                                           (long) pByteArea(smb_buffer_response)
                                                <= BCC(smb_buffer_response)) {
-                                                if (ses->serverOS)
+                                                kfree(ses->serverOS);
-                                                        kfree(ses->serverOS);
                                                ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
                                                strncpy(ses->serverOS,bcc_ptr, len);
@@ -3512,8 +3595,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
                                                bcc_ptr++;
                                                len = strnlen(bcc_ptr, 1024);
-                                                if (ses->serverDomain)
+                                                kfree(ses->serverDomain);
-                                                        kfree(ses->serverDomain);
                                                ses->serverDomain =
                                                                kzalloc(len+1,
                                                                    GFP_KERNEL);
@@ -3674,16 +3756,15 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
                            BCC(smb_buffer_response)) {
                                kfree(tcon->nativeFileSystem);
                                tcon->nativeFileSystem =
-                                    kzalloc(2*(length + 1), GFP_KERNEL);
+                                    kzalloc((4 * length) + 2, GFP_KERNEL);
-                                if (tcon->nativeFileSystem)
+                                if (tcon->nativeFileSystem) {
                                        cifs_strfromUCS_le(
                                                tcon->nativeFileSystem,
                                                (__le16 *) bcc_ptr,
                                                length, nls_codepage);
-                                bcc_ptr += 2 * length;
+                                        cFYI(1, ("nativeFileSystem=%s",
-                                bcc_ptr[0] = 0; /* null terminate the string */
+                                                tcon->nativeFileSystem));
-                                bcc_ptr[1] = 0;
+                                }
-                                bcc_ptr += 2;
                        }
                        /* else do not bother copying these information fields*/
                } else {

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 0de3b5615a22..bacdef1546b7 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c
@@ -2214,9 +2214,58 @@ is_path_accessible(int xid, struct cifsTconInfo *tcon,
2214	return rc;	2214	return rc;
2215	}	2215	}
2216		2216
		2217	static void
		2218	cleanup_volume_info(struct smb_vol **pvolume_info)
		2219	{
		2220	struct smb_vol *volume_info;
		2221
		2222	if (!pvolume_info && !*pvolume_info)
		2223	return;
		2224
		2225	volume_info = *pvolume_info;
		2226	kzfree(volume_info->password);
		2227	kfree(volume_info->UNC);
		2228	kfree(volume_info->prepath);
		2229	kfree(volume_info);
		2230	*pvolume_info = NULL;
		2231	return;
		2232	}
		2233
		2234	#ifdef CONFIG_CIFS_DFS_UPCALL
		2235	/* build_path_to_root returns full path to root when
		2236	* we do not have an exiting connection (tcon) */
		2237	static char *
		2238	build_unc_path_to_root(const struct smb_vol *volume_info,
		2239	const struct cifs_sb_info *cifs_sb)
		2240	{
		2241	char *full_path;
		2242
		2243	int unc_len = strnlen(volume_info->UNC, MAX_TREE_SIZE + 1);
		2244	full_path = kmalloc(unc_len + cifs_sb->prepathlen + 1, GFP_KERNEL);
		2245	if (full_path == NULL)
		2246	return ERR_PTR(-ENOMEM);
		2247
		2248	strncpy(full_path, volume_info->UNC, unc_len);
		2249	if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) {
		2250	int i;
		2251	for (i = 0; i < unc_len; i++) {
		2252	if (full_path[i] == '\\')
		2253	full_path[i] = '/';
		2254	}
		2255	}
		2256
		2257	if (cifs_sb->prepathlen)
		2258	strncpy(full_path + unc_len, cifs_sb->prepath,
		2259	cifs_sb->prepathlen);
		2260
		2261	full_path[unc_len + cifs_sb->prepathlen] = 0; /* add trailing null */
		2262	return full_path;
		2263	}
		2264	#endif
		2265
2217	int	2266	int
2218	cifs_mount(struct super_block sb, struct cifs_sb_info cifs_sb,	2267	cifs_mount(struct super_block sb, struct cifs_sb_info cifs_sb,
2219	char mount_data, const char devname)	2268	char mount_data_global, const char devname)
2220	{	2269	{
2221	int rc = 0;	2270	int rc = 0;
2222	int xid;	2271	int xid;
@@ -2225,6 +2274,13 @@ cifs_mount(struct super_block sb, struct cifs_sb_info cifs_sb,
2225	struct cifsTconInfo *tcon = NULL;	2274	struct cifsTconInfo *tcon = NULL;
2226	struct TCP_Server_Info *srvTcp = NULL;	2275	struct TCP_Server_Info *srvTcp = NULL;
2227	char *full_path;	2276	char *full_path;
		2277	char *mount_data = mount_data_global;
		2278	#ifdef CONFIG_CIFS_DFS_UPCALL
		2279	struct dfs_info3_param *referrals = NULL;
		2280	unsigned int num_referrals = 0;
		2281	try_mount_again:
		2282	#endif
		2283	full_path = NULL;
2228		2284
2229	xid = GetXid();	2285	xid = GetXid();
2230		2286
@@ -2371,11 +2427,9 @@ cifs_mount(struct super_block sb, struct cifs_sb_info cifs_sb,
2371	}	2427	}
2372	}	2428	}
2373		2429
2374	/* check for null share name ie connect to dfs root */
2375	if ((strchr(volume_info->UNC + 3, '\\') == NULL)	2430	if ((strchr(volume_info->UNC + 3, '\\') == NULL)
2376	&& (strchr(volume_info->UNC + 3, '/') == NULL)) {	2431	&& (strchr(volume_info->UNC + 3, '/') == NULL)) {
2377	/* rc = connect_to_dfs_path(...) */	2432	cERROR(1, ("Missing share name"));
2378	cFYI(1, ("DFS root not supported"));
2379	rc = -ENODEV;	2433	rc = -ENODEV;
2380	goto mount_fail_check;	2434	goto mount_fail_check;
2381	} else {	2435	} else {
@@ -2392,7 +2446,7 @@ cifs_mount(struct super_block sb, struct cifs_sb_info cifs_sb,
2392	}	2446	}
2393	}	2447	}
2394	if (rc)	2448	if (rc)
2395	goto mount_fail_check;	2449	goto remote_path_check;
2396	tcon->seal = volume_info->seal;	2450	tcon->seal = volume_info->seal;
2397	write_lock(&cifs_tcp_ses_lock);	2451	write_lock(&cifs_tcp_ses_lock);
2398	list_add(&tcon->tcon_list, &pSesInfo->tcon_list);	2452	list_add(&tcon->tcon_list, &pSesInfo->tcon_list);
@@ -2417,19 +2471,9 @@ cifs_mount(struct super_block sb, struct cifs_sb_info cifs_sb,
2417	/* BB FIXME fix time_gran to be larger for LANMAN sessions */	2471	/* BB FIXME fix time_gran to be larger for LANMAN sessions */
2418	sb->s_time_gran = 100;	2472	sb->s_time_gran = 100;
2419		2473
2420	mount_fail_check:	2474	if (rc)
2421	/* on error free sesinfo and tcon struct if needed */	2475	goto remote_path_check;
2422	if (rc) {	2476
2423	/* If find_unc succeeded then rc == 0 so we can not end */
2424	/* up accidently freeing someone elses tcon struct */
2425	if (tcon)
2426	cifs_put_tcon(tcon);
2427	else if (pSesInfo)
2428	cifs_put_smb_ses(pSesInfo);
2429	else
2430	cifs_put_tcp_session(srvTcp);
2431	goto out;
2432	}
2433	cifs_sb->tcon = tcon;	2477	cifs_sb->tcon = tcon;
2434		2478
2435	/* do not care if following two calls succeed - informational */	2479	/* do not care if following two calls succeed - informational */
@@ -2461,7 +2505,9 @@ mount_fail_check:
2461	cifs_sb->rsize = min(cifs_sb->rsize,	2505	cifs_sb->rsize = min(cifs_sb->rsize,
2462	(tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));	2506	(tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2463		2507
2464	if (!rc && cifs_sb->prepathlen) {	2508	remote_path_check:
		2509	/* check if a whole path (including prepath) is not remote */
		2510	if (!rc && cifs_sb->prepathlen && tcon) {
2465	/* build_path_to_root works only when we have a valid tcon */	2511	/* build_path_to_root works only when we have a valid tcon */
2466	full_path = cifs_build_path_to_root(cifs_sb);	2512	full_path = cifs_build_path_to_root(cifs_sb);
2467	if (full_path == NULL) {	2513	if (full_path == NULL) {
@@ -2469,31 +2515,79 @@ mount_fail_check:
2469	goto mount_fail_check;	2515	goto mount_fail_check;
2470	}	2516	}
2471	rc = is_path_accessible(xid, tcon, cifs_sb, full_path);	2517	rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
2472	if (rc) {	2518	if (rc != -EREMOTE) {
2473	cERROR(1, ("Path %s in not accessible: %d",
2474	full_path, rc));
2475	kfree(full_path);	2519	kfree(full_path);
2476	goto mount_fail_check;	2520	goto mount_fail_check;
2477	}	2521	}
2478	kfree(full_path);	2522	kfree(full_path);
2479	}	2523	}
2480		2524
		2525	/* get referral if needed */
		2526	if (rc == -EREMOTE) {
		2527	#ifdef CONFIG_CIFS_DFS_UPCALL
		2528	/* convert forward to back slashes in prepath here if needed */
		2529	if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
		2530	convert_delimiter(cifs_sb->prepath,
		2531	CIFS_DIR_SEP(cifs_sb));
		2532	full_path = build_unc_path_to_root(volume_info, cifs_sb);
		2533	if (IS_ERR(full_path)) {
		2534	rc = PTR_ERR(full_path);
		2535	goto mount_fail_check;
		2536	}
		2537
		2538	cFYI(1, ("Getting referral for: %s", full_path));
		2539	rc = get_dfs_path(xid, pSesInfo , full_path + 1,
		2540	cifs_sb->local_nls, &num_referrals, &referrals,
		2541	cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
		2542	if (!rc && num_referrals > 0) {
		2543	char *fake_devname = NULL;
		2544
		2545	if (mount_data != mount_data_global)
		2546	kfree(mount_data);
		2547	mount_data = cifs_compose_mount_options(
		2548	cifs_sb->mountdata, full_path + 1,
		2549	referrals, &fake_devname);
		2550	kfree(fake_devname);
		2551	free_dfs_info_array(referrals, num_referrals);
		2552
		2553	if (tcon)
		2554	cifs_put_tcon(tcon);
		2555	else if (pSesInfo)
		2556	cifs_put_smb_ses(pSesInfo);
		2557
		2558	cleanup_volume_info(&volume_info);
		2559	FreeXid(xid);
		2560	kfree(full_path);
		2561	goto try_mount_again;
		2562	}
		2563	#else /* No DFS support, return error on mount */
		2564	rc = -EOPNOTSUPP;
		2565	#endif
		2566	}
		2567
		2568	mount_fail_check:
		2569	/* on error free sesinfo and tcon struct if needed */
		2570	if (rc) {
		2571	if (mount_data != mount_data_global)
		2572	kfree(mount_data);
		2573	/* If find_unc succeeded then rc == 0 so we can not end */
		2574	/* up accidently freeing someone elses tcon struct */
		2575	if (tcon)
		2576	cifs_put_tcon(tcon);
		2577	else if (pSesInfo)
		2578	cifs_put_smb_ses(pSesInfo);
		2579	else
		2580	cifs_put_tcp_session(srvTcp);
		2581	goto out;
		2582	}
		2583
2481	/* volume_info->password is freed above when existing session found	2584	/* volume_info->password is freed above when existing session found
2482	(in which case it is not needed anymore) but when new sesion is created	2585	(in which case it is not needed anymore) but when new sesion is created
2483	the password ptr is put in the new session structure (in which case the	2586	the password ptr is put in the new session structure (in which case the
2484	password will be freed at unmount time) */	2587	password will be freed at unmount time) */
2485	out:	2588	out:
2486	/* zero out password before freeing */	2589	/* zero out password before freeing */
2487	if (volume_info) {	2590	cleanup_volume_info(&volume_info);
2488	if (volume_info->password != NULL) {
2489	memset(volume_info->password, 0,
2490	strlen(volume_info->password));
2491	kfree(volume_info->password);
2492	}
2493	kfree(volume_info->UNC);
2494	kfree(volume_info->prepath);
2495	kfree(volume_info);
2496	}
2497	FreeXid(xid);	2591	FreeXid(xid);
2498	return rc;	2592	return rc;
2499	}	2593	}
@@ -2673,8 +2767,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2673	/* We look for obvious messed up bcc or strings in response so we do not go off	2767	/* We look for obvious messed up bcc or strings in response so we do not go off
2674	the end since (at least) WIN2K and Windows XP have a major bug in not null	2768	the end since (at least) WIN2K and Windows XP have a major bug in not null
2675	terminating last Unicode string in response */	2769	terminating last Unicode string in response */
2676	if (ses->serverOS)	2770	kfree(ses->serverOS);
2677	kfree(ses->serverOS);
2678	ses->serverOS = kzalloc(2 * (len + 1),	2771	ses->serverOS = kzalloc(2 * (len + 1),
2679	GFP_KERNEL);	2772	GFP_KERNEL);
2680	if (ses->serverOS == NULL)	2773	if (ses->serverOS == NULL)
@@ -2710,8 +2803,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2710	len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);	2803	len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2711	/* last string is not always null terminated	2804	/* last string is not always null terminated
2712	(for e.g. for Windows XP & 2000) */	2805	(for e.g. for Windows XP & 2000) */
2713	if (ses->serverDomain)	2806	kfree(ses->serverDomain);
2714	kfree(ses->serverDomain);
2715	ses->serverDomain =	2807	ses->serverDomain =
2716	kzalloc(2*(len+1),	2808	kzalloc(2*(len+1),
2717	GFP_KERNEL);	2809	GFP_KERNEL);
@@ -2725,8 +2817,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2725	ses->serverDomain[1+(2*len)] = 0;	2817	ses->serverDomain[1+(2*len)] = 0;
2726	} else { /* else no more room so create	2818	} else { /* else no more room so create
2727	dummy domain string */	2819	dummy domain string */
2728	if (ses->serverDomain)	2820	kfree(ses->serverDomain);
2729	kfree(ses->serverDomain);
2730	ses->serverDomain =	2821	ses->serverDomain =
2731	kzalloc(2, GFP_KERNEL);	2822	kzalloc(2, GFP_KERNEL);
2732	}	2823	}
@@ -2772,8 +2863,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2772	bcc_ptr++;	2863	bcc_ptr++;
2773		2864
2774	len = strnlen(bcc_ptr, 1024);	2865	len = strnlen(bcc_ptr, 1024);
2775	if (ses->serverDomain)	2866	kfree(ses->serverDomain);
2776	kfree(ses->serverDomain);
2777	ses->serverDomain = kzalloc(len + 1,	2867	ses->serverDomain = kzalloc(len + 1,
2778	GFP_KERNEL);	2868	GFP_KERNEL);
2779	if (ses->serverDomain == NULL)	2869	if (ses->serverDomain == NULL)
@@ -3013,8 +3103,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
3013	/* We look for obvious messed up bcc or strings in response so we do not go off	3103	/* We look for obvious messed up bcc or strings in response so we do not go off
3014	the end since (at least) WIN2K and Windows XP have a major bug in not null	3104	the end since (at least) WIN2K and Windows XP have a major bug in not null
3015	terminating last Unicode string in response */	3105	terminating last Unicode string in response */
3016	if (ses->serverOS)	3106	kfree(ses->serverOS);
3017	kfree(ses->serverOS);
3018	ses->serverOS =	3107	ses->serverOS =
3019	kzalloc(2 * (len + 1), GFP_KERNEL);	3108	kzalloc(2 * (len + 1), GFP_KERNEL);
3020	cifs_strfromUCS_le(ses->serverOS,	3109	cifs_strfromUCS_le(ses->serverOS,
@@ -3086,8 +3175,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
3086	if (((long) bcc_ptr + len) - (long)	3175	if (((long) bcc_ptr + len) - (long)
3087	pByteArea(smb_buffer_response)	3176	pByteArea(smb_buffer_response)
3088	<= BCC(smb_buffer_response)) {	3177	<= BCC(smb_buffer_response)) {
3089	if (ses->serverOS)	3178	kfree(ses->serverOS);
3090	kfree(ses->serverOS);
3091	ses->serverOS =	3179	ses->serverOS =
3092	kzalloc(len + 1,	3180	kzalloc(len + 1,
3093	GFP_KERNEL);	3181	GFP_KERNEL);
@@ -3414,8 +3502,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3414	/* We look for obvious messed up bcc or strings in response so we do not go off	3502	/* We look for obvious messed up bcc or strings in response so we do not go off
3415	the end since (at least) WIN2K and Windows XP have a major bug in not null	3503	the end since (at least) WIN2K and Windows XP have a major bug in not null
3416	terminating last Unicode string in response */	3504	terminating last Unicode string in response */
3417	if (ses->serverOS)	3505	kfree(ses->serverOS);
3418	kfree(ses->serverOS);
3419	ses->serverOS =	3506	ses->serverOS =
3420	kzalloc(2 * (len + 1), GFP_KERNEL);	3507	kzalloc(2 * (len + 1), GFP_KERNEL);
3421	cifs_strfromUCS_le(ses->serverOS,	3508	cifs_strfromUCS_le(ses->serverOS,
@@ -3448,8 +3535,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3448	if (remaining_words > 0) {	3535	if (remaining_words > 0) {
3449	len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);	3536	len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3450	/* last string not always null terminated (e.g. for Windows XP & 2000) */	3537	/* last string not always null terminated (e.g. for Windows XP & 2000) */
3451	if (ses->serverDomain)	3538	kfree(ses->serverDomain);
3452	kfree(ses->serverDomain);
3453	ses->serverDomain =	3539	ses->serverDomain =
3454	kzalloc(2 *	3540	kzalloc(2 *
3455	(len +	3541	(len +
@@ -3476,13 +3562,11 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3476	= 0;	3562	= 0;
3477	} /* else no more room so create dummy domain string */	3563	} /* else no more room so create dummy domain string */
3478	else {	3564	else {
3479	if (ses->serverDomain)	3565	kfree(ses->serverDomain);
3480	kfree(ses->serverDomain);
3481	ses->serverDomain = kzalloc(2,GFP_KERNEL);	3566	ses->serverDomain = kzalloc(2,GFP_KERNEL);
3482	}	3567	}
3483	} else { /* no room so create dummy domain and NOS string */	3568	} else { /* no room so create dummy domain and NOS string */
3484	if (ses->serverDomain)	3569	kfree(ses->serverDomain);
3485	kfree(ses->serverDomain);
3486	ses->serverDomain = kzalloc(2, GFP_KERNEL);	3570	ses->serverDomain = kzalloc(2, GFP_KERNEL);
3487	kfree(ses->serverNOS);	3571	kfree(ses->serverNOS);
3488	ses->serverNOS = kzalloc(2, GFP_KERNEL);	3572	ses->serverNOS = kzalloc(2, GFP_KERNEL);
@@ -3492,8 +3576,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3492	if (((long) bcc_ptr + len) -	3576	if (((long) bcc_ptr + len) -
3493	(long) pByteArea(smb_buffer_response)	3577	(long) pByteArea(smb_buffer_response)
3494	<= BCC(smb_buffer_response)) {	3578	<= BCC(smb_buffer_response)) {
3495	if (ses->serverOS)	3579	kfree(ses->serverOS);
3496	kfree(ses->serverOS);
3497	ses->serverOS = kzalloc(len + 1, GFP_KERNEL);	3580	ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3498	strncpy(ses->serverOS,bcc_ptr, len);	3581	strncpy(ses->serverOS,bcc_ptr, len);
3499		3582
@@ -3512,8 +3595,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3512	bcc_ptr++;	3595	bcc_ptr++;
3513		3596
3514	len = strnlen(bcc_ptr, 1024);	3597	len = strnlen(bcc_ptr, 1024);
3515	if (ses->serverDomain)	3598	kfree(ses->serverDomain);
3516	kfree(ses->serverDomain);
3517	ses->serverDomain =	3599	ses->serverDomain =
3518	kzalloc(len+1,	3600	kzalloc(len+1,
3519	GFP_KERNEL);	3601	GFP_KERNEL);
@@ -3674,16 +3756,15 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3674	BCC(smb_buffer_response)) {	3756	BCC(smb_buffer_response)) {
3675	kfree(tcon->nativeFileSystem);	3757	kfree(tcon->nativeFileSystem);
3676	tcon->nativeFileSystem =	3758	tcon->nativeFileSystem =
3677	kzalloc(2*(length + 1), GFP_KERNEL);	3759	kzalloc((4 * length) + 2, GFP_KERNEL);
3678	if (tcon->nativeFileSystem)	3760	if (tcon->nativeFileSystem) {
3679	cifs_strfromUCS_le(	3761	cifs_strfromUCS_le(
3680	tcon->nativeFileSystem,	3762	tcon->nativeFileSystem,
3681	(__le16 *) bcc_ptr,	3763	(__le16 *) bcc_ptr,
3682	length, nls_codepage);	3764	length, nls_codepage);
3683	bcc_ptr += 2 * length;	3765	cFYI(1, ("nativeFileSystem=%s",
3684	bcc_ptr[0] = 0; /* null terminate the string */	3766	tcon->nativeFileSystem));
3685	bcc_ptr[1] = 0;	3767	}
3686	bcc_ptr += 2;
3687	}	3768	}
3688	/* else do not bother copying these information fields*/	3769	/* else do not bother copying these information fields*/
3689	} else {	3770	} else {