diff options
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/connect.c | 88 |
1 files changed, 82 insertions, 6 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 105544b0a275..f6ffb5bd29f7 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -2148,6 +2148,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2148 | /* We look for obvious messed up bcc or strings in response so we do not go off | 2148 | /* We look for obvious messed up bcc or strings in response so we do not go off |
2149 | the end since (at least) WIN2K and Windows XP have a major bug in not null | 2149 | the end since (at least) WIN2K and Windows XP have a major bug in not null |
2150 | terminating last Unicode string in response */ | 2150 | terminating last Unicode string in response */ |
2151 | if(ses->serverOS) | ||
2152 | kfree(ses->serverOS); | ||
2151 | ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL); | 2153 | ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL); |
2152 | if(ses->serverOS == NULL) | 2154 | if(ses->serverOS == NULL) |
2153 | goto sesssetup_nomem; | 2155 | goto sesssetup_nomem; |
@@ -2160,6 +2162,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2160 | if (remaining_words > 0) { | 2162 | if (remaining_words > 0) { |
2161 | len = UniStrnlen((wchar_t *)bcc_ptr, | 2163 | len = UniStrnlen((wchar_t *)bcc_ptr, |
2162 | remaining_words-1); | 2164 | remaining_words-1); |
2165 | if(ses->serverNOS) | ||
2166 | kfree(ses->serverNOS); | ||
2163 | ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL); | 2167 | ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL); |
2164 | if(ses->serverNOS == NULL) | 2168 | if(ses->serverNOS == NULL) |
2165 | goto sesssetup_nomem; | 2169 | goto sesssetup_nomem; |
@@ -2177,6 +2181,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2177 | if (remaining_words > 0) { | 2181 | if (remaining_words > 0) { |
2178 | len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); | 2182 | len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); |
2179 | /* last string is not always null terminated (for e.g. for Windows XP & 2000) */ | 2183 | /* last string is not always null terminated (for e.g. for Windows XP & 2000) */ |
2184 | if(ses->serverDomain) | ||
2185 | kfree(ses->serverDomain); | ||
2180 | ses->serverDomain = | 2186 | ses->serverDomain = |
2181 | kzalloc(2*(len+1),GFP_KERNEL); | 2187 | kzalloc(2*(len+1),GFP_KERNEL); |
2182 | if(ses->serverDomain == NULL) | 2188 | if(ses->serverDomain == NULL) |
@@ -2187,15 +2193,22 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2187 | ses->serverDomain[2*len] = 0; | 2193 | ses->serverDomain[2*len] = 0; |
2188 | ses->serverDomain[1+(2*len)] = 0; | 2194 | ses->serverDomain[1+(2*len)] = 0; |
2189 | } /* else no more room so create dummy domain string */ | 2195 | } /* else no more room so create dummy domain string */ |
2190 | else | 2196 | else { |
2197 | if(ses->serverDomain) | ||
2198 | kfree(ses->serverDomain); | ||
2191 | ses->serverDomain = | 2199 | ses->serverDomain = |
2192 | kzalloc(2, GFP_KERNEL); | 2200 | kzalloc(2, GFP_KERNEL); |
2201 | } | ||
2193 | } else { /* no room so create dummy domain and NOS string */ | 2202 | } else { /* no room so create dummy domain and NOS string */ |
2194 | /* if these kcallocs fail not much we | 2203 | /* if these kcallocs fail not much we |
2195 | can do, but better to not fail the | 2204 | can do, but better to not fail the |
2196 | sesssetup itself */ | 2205 | sesssetup itself */ |
2206 | if(ses->serverDomain) | ||
2207 | kfree(ses->serverDomain); | ||
2197 | ses->serverDomain = | 2208 | ses->serverDomain = |
2198 | kzalloc(2, GFP_KERNEL); | 2209 | kzalloc(2, GFP_KERNEL); |
2210 | if(ses->serverNOS) | ||
2211 | kfree(ses->serverNOS); | ||
2199 | ses->serverNOS = | 2212 | ses->serverNOS = |
2200 | kzalloc(2, GFP_KERNEL); | 2213 | kzalloc(2, GFP_KERNEL); |
2201 | } | 2214 | } |
@@ -2204,6 +2217,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2204 | if (((long) bcc_ptr + len) - (long) | 2217 | if (((long) bcc_ptr + len) - (long) |
2205 | pByteArea(smb_buffer_response) | 2218 | pByteArea(smb_buffer_response) |
2206 | <= BCC(smb_buffer_response)) { | 2219 | <= BCC(smb_buffer_response)) { |
2220 | if(ses->serverOS) | ||
2221 | kfree(ses->serverOS); | ||
2207 | ses->serverOS = kzalloc(len + 1,GFP_KERNEL); | 2222 | ses->serverOS = kzalloc(len + 1,GFP_KERNEL); |
2208 | if(ses->serverOS == NULL) | 2223 | if(ses->serverOS == NULL) |
2209 | goto sesssetup_nomem; | 2224 | goto sesssetup_nomem; |
@@ -2214,6 +2229,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2214 | bcc_ptr++; | 2229 | bcc_ptr++; |
2215 | 2230 | ||
2216 | len = strnlen(bcc_ptr, 1024); | 2231 | len = strnlen(bcc_ptr, 1024); |
2232 | if(ses->serverNOS) | ||
2233 | kfree(ses->serverNOS); | ||
2217 | ses->serverNOS = kzalloc(len + 1,GFP_KERNEL); | 2234 | ses->serverNOS = kzalloc(len + 1,GFP_KERNEL); |
2218 | if(ses->serverNOS == NULL) | 2235 | if(ses->serverNOS == NULL) |
2219 | goto sesssetup_nomem; | 2236 | goto sesssetup_nomem; |
@@ -2223,6 +2240,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2223 | bcc_ptr++; | 2240 | bcc_ptr++; |
2224 | 2241 | ||
2225 | len = strnlen(bcc_ptr, 1024); | 2242 | len = strnlen(bcc_ptr, 1024); |
2243 | if(ses->serverDomain) | ||
2244 | kfree(ses->serverDomain); | ||
2226 | ses->serverDomain = kzalloc(len + 1,GFP_KERNEL); | 2245 | ses->serverDomain = kzalloc(len + 1,GFP_KERNEL); |
2227 | if(ses->serverDomain == NULL) | 2246 | if(ses->serverDomain == NULL) |
2228 | goto sesssetup_nomem; | 2247 | goto sesssetup_nomem; |
@@ -2427,6 +2446,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2427 | /* We look for obvious messed up bcc or strings in response so we do not go off | 2446 | /* We look for obvious messed up bcc or strings in response so we do not go off |
2428 | the end since (at least) WIN2K and Windows XP have a major bug in not null | 2447 | the end since (at least) WIN2K and Windows XP have a major bug in not null |
2429 | terminating last Unicode string in response */ | 2448 | terminating last Unicode string in response */ |
2449 | if(ses->serverOS) | ||
2450 | kfree(ses->serverOS); | ||
2430 | ses->serverOS = | 2451 | ses->serverOS = |
2431 | kzalloc(2 * (len + 1), GFP_KERNEL); | 2452 | kzalloc(2 * (len + 1), GFP_KERNEL); |
2432 | cifs_strfromUCS_le(ses->serverOS, | 2453 | cifs_strfromUCS_le(ses->serverOS, |
@@ -2441,6 +2462,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2441 | len = UniStrnlen((wchar_t *)bcc_ptr, | 2462 | len = UniStrnlen((wchar_t *)bcc_ptr, |
2442 | remaining_words | 2463 | remaining_words |
2443 | - 1); | 2464 | - 1); |
2465 | if(ses->serverNOS) | ||
2466 | kfree(ses->serverNOS); | ||
2444 | ses->serverNOS = | 2467 | ses->serverNOS = |
2445 | kzalloc(2 * (len + 1), | 2468 | kzalloc(2 * (len + 1), |
2446 | GFP_KERNEL); | 2469 | GFP_KERNEL); |
@@ -2454,7 +2477,9 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2454 | remaining_words -= len + 1; | 2477 | remaining_words -= len + 1; |
2455 | if (remaining_words > 0) { | 2478 | if (remaining_words > 0) { |
2456 | len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); | 2479 | len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); |
2457 | /* last string is not always null terminated (for e.g. for Windows XP & 2000) */ | 2480 | /* last string not null terminated (e.g.Windows XP/2000) */ |
2481 | if(ses->serverDomain) | ||
2482 | kfree(ses->serverDomain); | ||
2458 | ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL); | 2483 | ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL); |
2459 | cifs_strfromUCS_le(ses->serverDomain, | 2484 | cifs_strfromUCS_le(ses->serverDomain, |
2460 | (__le16 *)bcc_ptr, | 2485 | (__le16 *)bcc_ptr, |
@@ -2463,11 +2488,18 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2463 | ses->serverDomain[2*len] = 0; | 2488 | ses->serverDomain[2*len] = 0; |
2464 | ses->serverDomain[1+(2*len)] = 0; | 2489 | ses->serverDomain[1+(2*len)] = 0; |
2465 | } /* else no more room so create dummy domain string */ | 2490 | } /* else no more room so create dummy domain string */ |
2466 | else | 2491 | else { |
2492 | if(ses->serverDomain) | ||
2493 | ` kfree(ses->serverDomain); | ||
2467 | ses->serverDomain = | 2494 | ses->serverDomain = |
2468 | kzalloc(2,GFP_KERNEL); | 2495 | kzalloc(2,GFP_KERNEL); |
2469 | } else { /* no room so create dummy domain and NOS string */ | 2496 | } |
2497 | } else {/* no room use dummy domain&NOS */ | ||
2498 | if(ses->serverDomain) | ||
2499 | kfree(ses->serverDomain); | ||
2470 | ses->serverDomain = kzalloc(2, GFP_KERNEL); | 2500 | ses->serverDomain = kzalloc(2, GFP_KERNEL); |
2501 | if(ses->serverNOS) | ||
2502 | kfree(ses->serverNOS); | ||
2471 | ses->serverNOS = kzalloc(2, GFP_KERNEL); | 2503 | ses->serverNOS = kzalloc(2, GFP_KERNEL); |
2472 | } | 2504 | } |
2473 | } else { /* ASCII */ | 2505 | } else { /* ASCII */ |
@@ -2476,6 +2508,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2476 | if (((long) bcc_ptr + len) - (long) | 2508 | if (((long) bcc_ptr + len) - (long) |
2477 | pByteArea(smb_buffer_response) | 2509 | pByteArea(smb_buffer_response) |
2478 | <= BCC(smb_buffer_response)) { | 2510 | <= BCC(smb_buffer_response)) { |
2511 | if(ses->serverOS) | ||
2512 | kfree(ses->serverOS); | ||
2479 | ses->serverOS = kzalloc(len + 1, GFP_KERNEL); | 2513 | ses->serverOS = kzalloc(len + 1, GFP_KERNEL); |
2480 | strncpy(ses->serverOS, bcc_ptr, len); | 2514 | strncpy(ses->serverOS, bcc_ptr, len); |
2481 | 2515 | ||
@@ -2484,6 +2518,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2484 | bcc_ptr++; | 2518 | bcc_ptr++; |
2485 | 2519 | ||
2486 | len = strnlen(bcc_ptr, 1024); | 2520 | len = strnlen(bcc_ptr, 1024); |
2521 | if(ses->serverNOS) | ||
2522 | kfree(ses->serverNOS); | ||
2487 | ses->serverNOS = kzalloc(len + 1,GFP_KERNEL); | 2523 | ses->serverNOS = kzalloc(len + 1,GFP_KERNEL); |
2488 | strncpy(ses->serverNOS, bcc_ptr, len); | 2524 | strncpy(ses->serverNOS, bcc_ptr, len); |
2489 | bcc_ptr += len; | 2525 | bcc_ptr += len; |
@@ -2491,6 +2527,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
2491 | bcc_ptr++; | 2527 | bcc_ptr++; |
2492 | 2528 | ||
2493 | len = strnlen(bcc_ptr, 1024); | 2529 | len = strnlen(bcc_ptr, 1024); |
2530 | if(ses->serverDomain) | ||
2531 | kfree(ses->severDomain); | ||
2494 | ses->serverDomain = kzalloc(len + 1, GFP_KERNEL); | 2532 | ses->serverDomain = kzalloc(len + 1, GFP_KERNEL); |
2495 | strncpy(ses->serverDomain, bcc_ptr, len); | 2533 | strncpy(ses->serverDomain, bcc_ptr, len); |
2496 | bcc_ptr += len; | 2534 | bcc_ptr += len; |
@@ -2728,6 +2766,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, | |||
2728 | /* We look for obvious messed up bcc or strings in response so we do not go off | 2766 | /* We look for obvious messed up bcc or strings in response so we do not go off |
2729 | the end since (at least) WIN2K and Windows XP have a major bug in not null | 2767 | the end since (at least) WIN2K and Windows XP have a major bug in not null |
2730 | terminating last Unicode string in response */ | 2768 | terminating last Unicode string in response */ |
2769 | if(ses->serverOS) | ||
2770 | kfree(ses->serverOS); | ||
2731 | ses->serverOS = | 2771 | ses->serverOS = |
2732 | kzalloc(2 * (len + 1), GFP_KERNEL); | 2772 | kzalloc(2 * (len + 1), GFP_KERNEL); |
2733 | cifs_strfromUCS_le(ses->serverOS, | 2773 | cifs_strfromUCS_le(ses->serverOS, |
@@ -2743,6 +2783,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, | |||
2743 | bcc_ptr, | 2783 | bcc_ptr, |
2744 | remaining_words | 2784 | remaining_words |
2745 | - 1); | 2785 | - 1); |
2786 | if(ses->serverNOS) | ||
2787 | kfree(ses->serverNOS); | ||
2746 | ses->serverNOS = | 2788 | ses->serverNOS = |
2747 | kzalloc(2 * (len + 1), | 2789 | kzalloc(2 * (len + 1), |
2748 | GFP_KERNEL); | 2790 | GFP_KERNEL); |
@@ -2760,6 +2802,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, | |||
2760 | if (remaining_words > 0) { | 2802 | if (remaining_words > 0) { |
2761 | len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); | 2803 | len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); |
2762 | /* last string is not always null terminated (for e.g. for Windows XP & 2000) */ | 2804 | /* last string is not always null terminated (for e.g. for Windows XP & 2000) */ |
2805 | if(ses->serverDomain) | ||
2806 | kfree(ses->serverDomain); | ||
2763 | ses->serverDomain = | 2807 | ses->serverDomain = |
2764 | kzalloc(2 * | 2808 | kzalloc(2 * |
2765 | (len + | 2809 | (len + |
@@ -2777,13 +2821,20 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, | |||
2777 | [1 + (2 * len)] | 2821 | [1 + (2 * len)] |
2778 | = 0; | 2822 | = 0; |
2779 | } /* else no more room so create dummy domain string */ | 2823 | } /* else no more room so create dummy domain string */ |
2780 | else | 2824 | else { |
2825 | if(ses->serverDomain) | ||
2826 | kfree(ses->serverDomain); | ||
2781 | ses->serverDomain = | 2827 | ses->serverDomain = |
2782 | kzalloc(2, | 2828 | kzalloc(2, |
2783 | GFP_KERNEL); | 2829 | GFP_KERNEL); |
2830 | } | ||
2784 | } else { /* no room so create dummy domain and NOS string */ | 2831 | } else { /* no room so create dummy domain and NOS string */ |
2832 | if(ses->serverDomain); | ||
2833 | kfree(ses->serverDomain); | ||
2785 | ses->serverDomain = | 2834 | ses->serverDomain = |
2786 | kzalloc(2, GFP_KERNEL); | 2835 | kzalloc(2, GFP_KERNEL); |
2836 | if(ses->serverNOS) | ||
2837 | kfree(ses->serverNOS); | ||
2787 | ses->serverNOS = | 2838 | ses->serverNOS = |
2788 | kzalloc(2, GFP_KERNEL); | 2839 | kzalloc(2, GFP_KERNEL); |
2789 | } | 2840 | } |
@@ -2792,6 +2843,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, | |||
2792 | if (((long) bcc_ptr + len) - (long) | 2843 | if (((long) bcc_ptr + len) - (long) |
2793 | pByteArea(smb_buffer_response) | 2844 | pByteArea(smb_buffer_response) |
2794 | <= BCC(smb_buffer_response)) { | 2845 | <= BCC(smb_buffer_response)) { |
2846 | if(ses->serverOS) | ||
2847 | kfree(ses->serverOS); | ||
2795 | ses->serverOS = | 2848 | ses->serverOS = |
2796 | kzalloc(len + 1, | 2849 | kzalloc(len + 1, |
2797 | GFP_KERNEL); | 2850 | GFP_KERNEL); |
@@ -2803,6 +2856,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, | |||
2803 | bcc_ptr++; | 2856 | bcc_ptr++; |
2804 | 2857 | ||
2805 | len = strnlen(bcc_ptr, 1024); | 2858 | len = strnlen(bcc_ptr, 1024); |
2859 | if(ses->serverNOS) | ||
2860 | kfree(ses->serverNOS); | ||
2806 | ses->serverNOS = | 2861 | ses->serverNOS = |
2807 | kzalloc(len + 1, | 2862 | kzalloc(len + 1, |
2808 | GFP_KERNEL); | 2863 | GFP_KERNEL); |
@@ -2812,6 +2867,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, | |||
2812 | bcc_ptr++; | 2867 | bcc_ptr++; |
2813 | 2868 | ||
2814 | len = strnlen(bcc_ptr, 1024); | 2869 | len = strnlen(bcc_ptr, 1024); |
2870 | if(ses->serverDomain) | ||
2871 | kfree(ses->serverDomain); | ||
2815 | ses->serverDomain = | 2872 | ses->serverDomain = |
2816 | kzalloc(len + 1, | 2873 | kzalloc(len + 1, |
2817 | GFP_KERNEL); | 2874 | GFP_KERNEL); |
@@ -3116,6 +3173,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
3116 | /* We look for obvious messed up bcc or strings in response so we do not go off | 3173 | /* We look for obvious messed up bcc or strings in response so we do not go off |
3117 | the end since (at least) WIN2K and Windows XP have a major bug in not null | 3174 | the end since (at least) WIN2K and Windows XP have a major bug in not null |
3118 | terminating last Unicode string in response */ | 3175 | terminating last Unicode string in response */ |
3176 | if(ses->serverOS) | ||
3177 | kfree(serverOS); | ||
3119 | ses->serverOS = | 3178 | ses->serverOS = |
3120 | kzalloc(2 * (len + 1), GFP_KERNEL); | 3179 | kzalloc(2 * (len + 1), GFP_KERNEL); |
3121 | cifs_strfromUCS_le(ses->serverOS, | 3180 | cifs_strfromUCS_le(ses->serverOS, |
@@ -3131,6 +3190,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
3131 | bcc_ptr, | 3190 | bcc_ptr, |
3132 | remaining_words | 3191 | remaining_words |
3133 | - 1); | 3192 | - 1); |
3193 | if(ses->serverNOS) | ||
3194 | kfree(ses->serverNOS); | ||
3134 | ses->serverNOS = | 3195 | ses->serverNOS = |
3135 | kzalloc(2 * (len + 1), | 3196 | kzalloc(2 * (len + 1), |
3136 | GFP_KERNEL); | 3197 | GFP_KERNEL); |
@@ -3147,6 +3208,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
3147 | if (remaining_words > 0) { | 3208 | if (remaining_words > 0) { |
3148 | len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); | 3209 | len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); |
3149 | /* last string not always null terminated (e.g. for Windows XP & 2000) */ | 3210 | /* last string not always null terminated (e.g. for Windows XP & 2000) */ |
3211 | if(ses->serverDomain) | ||
3212 | kfree(ses->serverDomain); | ||
3150 | ses->serverDomain = | 3213 | ses->serverDomain = |
3151 | kzalloc(2 * | 3214 | kzalloc(2 * |
3152 | (len + | 3215 | (len + |
@@ -3172,10 +3235,17 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
3172 | len)] | 3235 | len)] |
3173 | = 0; | 3236 | = 0; |
3174 | } /* else no more room so create dummy domain string */ | 3237 | } /* else no more room so create dummy domain string */ |
3175 | else | 3238 | else { |
3239 | if(ses->serverDomain) | ||
3240 | kfree(ses->serverDomain); | ||
3176 | ses->serverDomain = kzalloc(2,GFP_KERNEL); | 3241 | ses->serverDomain = kzalloc(2,GFP_KERNEL); |
3242 | } | ||
3177 | } else { /* no room so create dummy domain and NOS string */ | 3243 | } else { /* no room so create dummy domain and NOS string */ |
3244 | if(ses->serverDomain) | ||
3245 | kfree(ses->serverDomain); | ||
3178 | ses->serverDomain = kzalloc(2, GFP_KERNEL); | 3246 | ses->serverDomain = kzalloc(2, GFP_KERNEL); |
3247 | if(ses->serverNOS) | ||
3248 | kfree(ses->serverNOS); | ||
3179 | ses->serverNOS = kzalloc(2, GFP_KERNEL); | 3249 | ses->serverNOS = kzalloc(2, GFP_KERNEL); |
3180 | } | 3250 | } |
3181 | } else { /* ASCII */ | 3251 | } else { /* ASCII */ |
@@ -3183,6 +3253,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
3183 | if (((long) bcc_ptr + len) - | 3253 | if (((long) bcc_ptr + len) - |
3184 | (long) pByteArea(smb_buffer_response) | 3254 | (long) pByteArea(smb_buffer_response) |
3185 | <= BCC(smb_buffer_response)) { | 3255 | <= BCC(smb_buffer_response)) { |
3256 | if(ses->serverOS) | ||
3257 | kfree(ses->serverOS); | ||
3186 | ses->serverOS = kzalloc(len + 1,GFP_KERNEL); | 3258 | ses->serverOS = kzalloc(len + 1,GFP_KERNEL); |
3187 | strncpy(ses->serverOS,bcc_ptr, len); | 3259 | strncpy(ses->serverOS,bcc_ptr, len); |
3188 | 3260 | ||
@@ -3191,6 +3263,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
3191 | bcc_ptr++; | 3263 | bcc_ptr++; |
3192 | 3264 | ||
3193 | len = strnlen(bcc_ptr, 1024); | 3265 | len = strnlen(bcc_ptr, 1024); |
3266 | if(ses->serverNOS) | ||
3267 | kfree(ses->serverNOS); | ||
3194 | ses->serverNOS = kzalloc(len+1,GFP_KERNEL); | 3268 | ses->serverNOS = kzalloc(len+1,GFP_KERNEL); |
3195 | strncpy(ses->serverNOS, bcc_ptr, len); | 3269 | strncpy(ses->serverNOS, bcc_ptr, len); |
3196 | bcc_ptr += len; | 3270 | bcc_ptr += len; |
@@ -3198,6 +3272,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
3198 | bcc_ptr++; | 3272 | bcc_ptr++; |
3199 | 3273 | ||
3200 | len = strnlen(bcc_ptr, 1024); | 3274 | len = strnlen(bcc_ptr, 1024); |
3275 | if(ses->serverDomain) | ||
3276 | kfree(ses->serverDomain); | ||
3201 | ses->serverDomain = kzalloc(len+1,GFP_KERNEL); | 3277 | ses->serverDomain = kzalloc(len+1,GFP_KERNEL); |
3202 | strncpy(ses->serverDomain, bcc_ptr, len); | 3278 | strncpy(ses->serverDomain, bcc_ptr, len); |
3203 | bcc_ptr += len; | 3279 | bcc_ptr += len; |