aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSuresh Jayaraman <sjayaraman@suse.de>2009-04-20 18:54:21 +0530
committerSteve French <sfrench@us.ibm.com>2009-04-20 19:58:06 +0000
commit968460ebd8006d55661dec0fb86712b40d71c413 (patch)
treedf76b9f2928e4c347a79a9837815d4a5a6e8c7cf
parentff6945279d45edd8f6b0a5ddb1ef16cecce3ea9c (diff)
downloadkernel_goldelico_gta04-968460ebd8006d55661dec0fb86712b40d71c413.zip
kernel_goldelico_gta04-968460ebd8006d55661dec0fb86712b40d71c413.tar.gz
kernel_goldelico_gta04-968460ebd8006d55661dec0fb86712b40d71c413.tar.bz2
cifs: Rename cifs_strncpy_to_host and fix buffer size
There is a possibility for the path_name and node_name buffers to overflow if they contain charcters that are >2 bytes in the local charset. Resize the buffer allocation so to avoid this possibility. Also, as pointed out by Jeff Layton, it would be appropriate to rename the function to cifs_strlcpy_to_host to reflect the fact that the copied string is always NULL terminated. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/cifssmb.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index a0845dc..a02c43b 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -88,29 +88,29 @@ static struct {
* on failure - errno
*/
static int
-cifs_strncpy_to_host(char **dst, const char *src, const int maxlen,
+cifs_strlcpy_to_host(char **dst, const char *src, const int maxlen,
const bool is_unicode, const struct nls_table *nls_codepage)
{
int plen;
if (is_unicode) {
plen = UniStrnlen((wchar_t *)src, maxlen);
- *dst = kmalloc(plen + 2, GFP_KERNEL);
+ *dst = kmalloc((4 * plen) + 2, GFP_KERNEL);
if (!*dst)
- goto cifs_strncpy_to_host_ErrExit;
+ goto cifs_strlcpy_to_host_ErrExit;
cifs_strfromUCS_le(*dst, (__le16 *)src, plen, nls_codepage);
+ (*dst)[plen] = 0;
+ (*dst)[plen+1] = 0; /* needed for Unicode */
} else {
plen = strnlen(src, maxlen);
*dst = kmalloc(plen + 2, GFP_KERNEL);
if (!*dst)
- goto cifs_strncpy_to_host_ErrExit;
- strncpy(*dst, src, plen);
+ goto cifs_strlcpy_to_host_ErrExit;
+ strlcpy(*dst, src, plen);
}
- (*dst)[plen] = 0;
- (*dst)[plen+1] = 0; /* harmless for ASCII case, needed for Unicode */
return 0;
-cifs_strncpy_to_host_ErrExit:
+cifs_strlcpy_to_host_ErrExit:
cERROR(1, ("Failed to allocate buffer for string\n"));
return -ENOMEM;
}
@@ -4029,7 +4029,7 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
/* copy DfsPath */
temp = (char *)ref + le16_to_cpu(ref->DfsPathOffset);
max_len = data_end - temp;
- rc = cifs_strncpy_to_host(&(node->path_name), temp,
+ rc = cifs_strlcpy_to_host(&(node->path_name), temp,
max_len, is_unicode, nls_codepage);
if (rc)
goto parse_DFS_referrals_exit;
@@ -4037,7 +4037,7 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
/* copy link target UNC */
temp = (char *)ref + le16_to_cpu(ref->NetworkAddressOffset);
max_len = data_end - temp;
- rc = cifs_strncpy_to_host(&(node->node_name), temp,
+ rc = cifs_strlcpy_to_host(&(node->node_name), temp,
max_len, is_unicode, nls_codepage);
if (rc)
goto parse_DFS_referrals_exit;