From patchwork Mon Apr 6 07:05:58 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Suresh Jayaraman X-Patchwork-Id: 16480 Received: from lists.samba.org (mail.samba.org [66.70.73.150]) by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n3676oqO006650 for ; Mon, 6 Apr 2009 07:06:50 GMT Received: from dp.samba.org (localhost [127.0.0.1]) by lists.samba.org (Postfix) with ESMTP id 6C5BA163C35 for ; Mon, 6 Apr 2009 07:06:31 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on dp.samba.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=3.8 tests=AWL, BAYES_00 autolearn=ham version=3.1.7 X-Original-To: linux-cifs-client@lists.samba.org Delivered-To: linux-cifs-client@lists.samba.org Received: from victor.provo.novell.com (victor.provo.novell.com [137.65.250.26]) by lists.samba.org (Postfix) with ESMTP id 930AC163C31 for ; Mon, 6 Apr 2009 07:06:01 +0000 (GMT) Received: from [164.99.138.63] (prv-ext-foundry1.gns.novell.com [137.65.251.240]) by victor.provo.novell.com with ESMTP; Mon, 06 Apr 2009 01:06:02 -0600 Message-ID: <49D9A9D6.10003@suse.de> Date: Mon, 06 Apr 2009 12:35:58 +0530 From: Suresh Jayaraman User-Agent: Thunderbird 2.0.0.19 (X11/20081227) MIME-Version: 1.0 To: Steve French X-Enigmail-Version: 0.95.7 Cc: "linux-cifs-client@lists.samba.org" Subject: [linux-cifs-client] [PATCH] cifs: Fix insufficient memory allocation for nativeFileSystem field X-BeenThere: linux-cifs-client@lists.samba.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: The Linux CIFS VFS client List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org Errors-To: linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org The upstream commit b363b3304bcf68c4541683b2eff70b29f0446a5b attempted to fix memory overwrite during tree connect response processing while mounting. However, the memory allocated may still be insufficient as UTF-8 string can be upto 4X times as UCS. So, would it be safe to allocate memory that is 4X instead of 2X? Noticed by Marcus Meissner . Signed-off-by: Suresh Jayaraman --- fs/cifs/connect.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 0de3b56..b361be0 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -3674,7 +3674,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, BCC(smb_buffer_response)) { kfree(tcon->nativeFileSystem); tcon->nativeFileSystem = - kzalloc(2*(length + 1), GFP_KERNEL); + kzalloc((4 * length) + 2, GFP_KERNEL); if (tcon->nativeFileSystem) cifs_strfromUCS_le( tcon->nativeFileSystem,