From bfacf2225a955bea9c41c707fc72ba16009674a0 Mon Sep 17 00:00:00 2001 |
From: Jeff Layton <jlayton@redhat.com> |
Date: Wed, 27 Apr 2011 13:25:51 -0400 |
Subject: cifs: change bleft in decode_unicode_ssetup back to signed type |
|
From: Jeff Layton <jlayton@redhat.com> |
|
commit bfacf2225a955bea9c41c707fc72ba16009674a0 upstream. |
|
The buffer length checks in this function depend on this value being a |
signed data type, but 690c522fa converted it to an unsigned type. |
|
Also, eliminate a problem with the null termination check in the same |
function. cifs_strndup_from_ucs handles that situation correctly |
already, and the existing check could potentially lead to a buffer |
overrun since it increments bleft without checking to see whether it |
falls off the end of the buffer. |
|
Reported-and-Acked-by: David Howells <dhowells@redhat.com> |
Signed-off-by: Jeff Layton <jlayton@redhat.com> |
Signed-off-by: Steve French <sfrench@us.ibm.com> |
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
|
--- |
fs/cifs/sess.c | 15 +-------------- |
1 file changed, 1 insertion(+), 14 deletions(-) |
|
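--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -277,7 +277,7 @@ static void ascii_ssetup_strings(char **
 }
 
 static void
-decode_unicode_ssetup(char **pbcc_area, __u16 bleft, struct cifsSesInfo *ses,
+decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifsSesInfo *ses,
 const struct nls_table *nls_cp)
 {
 int len;
@@ -285,19 +285,6 @@ decode_unicode_ssetup(char **pbcc_area,
 
 cFYI(1, "bleft %d", bleft);
 
-/*
-* Windows servers do not always double null terminate their final
-* Unicode string. Check to see if there are an uneven number of bytes
-* left. If so, then add an extra NULL pad byte to the end of the
-* response.
-*
-* See section 2.7.2 in "Implementing CIFS" for details
-*/
-if (bleft % 2) {
-data[bleft] = 0;
-++bleft;
-}
-
 kfree(ses->serverOS);
 ses->serverOS = cifs_strndup_from_ucs(data, bleft, true, nls_cp);
 cFYI(1, "serverOS=%s", ses->serverOS);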
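Review bot: Nothing at the new `decode_unicode_ssetup(char **pbcc_area, int bleft, ...)` signature records that `bleft` has to stay signed, even though the commit message says an earlier change (690c522fa) broke the buffer length checks by making it unsigned. A comment above the function, for example `/* bleft is deliberately a signed int: the remaining-length checks in this function depend on it */`, would keep a later type cleanup from reintroducing the same problem. Separately, in the visible lines the first `cifs_strndup_from_ucs(data, bleft, true, nls_cp)` call is reached without any check that `bleft` is positive; whether the caller guarantees this cannot be seen from the hunk, so it is worth confirming or stating in the same comment. The function body continues past the end of the second hunk.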