1 files changed, 2 insertions, 2 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 5f22de7b79a9..b234407a3007 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -228,7 +228,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
        kfree(ses->serverOS);
        /* UTF-8 string will not grow more than four times as big as UCS-16 */
-        ses->serverOS = kzalloc(4 * len, GFP_KERNEL);
+        ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
        if (ses->serverOS != NULL)
                cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);
        data += 2 * (len + 1);
@@ -241,7 +241,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
                return rc;
        kfree(ses->serverNOS);
-        ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */
+        ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
        if (ses->serverNOS != NULL) {
                cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,
                                   nls_cp);

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 5f22de7b79a9..b234407a3007 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c
@@ -228,7 +228,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
228		228
229	kfree(ses->serverOS);	229	kfree(ses->serverOS);
230	/* UTF-8 string will not grow more than four times as big as UCS-16 */	230	/* UTF-8 string will not grow more than four times as big as UCS-16 */
231	ses->serverOS = kzalloc(4 * len, GFP_KERNEL);	231	ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
232	if (ses->serverOS != NULL)	232	if (ses->serverOS != NULL)
233	cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);	233	cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);
234	data += 2 * (len + 1);	234	data += 2 * (len + 1);
@@ -241,7 +241,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
241	return rc;	241	return rc;
242		242
243	kfree(ses->serverNOS);	243	kfree(ses->serverNOS);
244	ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */	244	ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
245	if (ses->serverNOS != NULL) {	245	if (ses->serverNOS != NULL) {
246	cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,	246	cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,
247	nls_cp);	247	nls_cp);