From patchwork Fri Apr 17 15:21:11 2009
X-Patchwork-Submitter: Suresh Jayaraman
X-Patchwork-Id: 18700
Message-ID: <49E89E67.2030900@suse.de>
Date: Fri, 17 Apr 2009 20:51:11 +0530
From: Suresh Jayaraman
To: Steve French
Cc: "linux-cifs-client@lists.samba.org", Jeff Layton
Subject: [linux-cifs-client] [PATCH 5/5] cifs: Fix buffer size in cifs_strncpy_to_host

Fix insufficient buffer allocation and replace kmalloc() with kzalloc() so that we ensure safe NULL termination always in unicode case.

Signed-off-by: Suresh Jayaraman

--- fs/cifs/cifssmb.c | 10 ++++++---- 1 files changed, 6 insertions(+), 4 deletions(-) Index: cifs-2.6.git/fs/cifs/cifssmb.c =================================================================== --- cifs-2.6.git.orig/fs/cifs/cifssmb.c +++ cifs-2.6.git/fs/cifs/cifssmb.c @@ -123,22 +123,24 @@ cifs_strncpy_to_host(char **dst, const c const bool is_unicode, const struct nls_table *nls_codepage) { int plen; + size_t nbytes; if (is_unicode) { - plen = UniStrnlen((wchar_t *)src, maxlen); - *dst = kmalloc(plen + 2, GFP_KERNEL); + nbytes = UniStrnlenBytes((wchar_t *)src, maxlen, &plen, + nls_codepage); + *dst = kzalloc(nbytes + 2, GFP_KERNEL); if (!*dst) goto cifs_strncpy_to_host_ErrExit; cifs_strfromUCS_le(*dst, (__le16 *)src, plen, nls_codepage); + /* kzalloc() ensures NULL termination */ } else { plen = strnlen(src, maxlen); *dst = kmalloc(plen + 2, GFP_KERNEL); if (!*dst) goto cifs_strncpy_to_host_ErrExit; strncpy(*dst, src, plen); + (*dst)[plen] = 0; } - (*dst)[plen] = 0; - (*dst)[plen+1] = 0; /* harmless for ASCII case, needed for Unicode */ return 0; cifs_strncpy_to_host_ErrExit:
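
Review bot: In the is_unicode branch the terminator now rests entirely on the kzalloc() zero-fill, which is only sound if cifs_strfromUCS_le() never writes more than the nbytes that UniStrnlenBytes() computed for the same plen and nls_codepage. Nothing in this hunk enforces that: the result of the cifs_strfromUCS_le() call is not checked and the explicit stores after the if/else were removed. Either state the invariant in the comment (nbytes is the converted length in the target codepage, so the two helpers must stay in agreement) or keep an explicit `(*dst)[nbytes] = 0;` after the conversion so the bound is visible at the call site. Smaller points: plen is declared int but is passed by address to UniStrnlenBytes() and also receives the result of strnlen(), so its type should match what the new helper's prototype expects, which is not visible here; the non-Unicode branch still allocates `plen + 2` although only `(*dst)[plen]` is written now, so `plen + 1` would do; and the comment should say NUL termination rather than NULL.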