Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f34d69c3 authored by Insu Yun's avatar Insu Yun Committed by Steve French
Browse files

cifs: fix potential overflow in cifs_compose_mount_options 



In worst case, "ip=" + sb_mountdata + ipv6 can be copied into mountdata.
Therefore, for safe, it is better to add more size when allocating memory.

Signed-off-by: default avatarInsu Yun <wuninsu@gmail.com>
Signed-off-by: default avatarSteve French <smfrench@gmail.com>
parent 997152f6

fs/cifs/cifs_dfs_ref.c

+1 −1
Original line number Diff line number Diff line
@@ -175,7 +175,7 @@ char *cifs_compose_mount_options(const char *sb_mountdata, 
	 * string to the length of the original string to allow for worst case.

	 */

	md_len = strlen(sb_mountdata) + INET6_ADDRSTRLEN;

	mountdata = kzalloc(md_len + 1, GFP_KERNEL);

	mountdata = kzalloc(md_len + sizeof("ip=") + 1, GFP_KERNEL);

	if (mountdata == NULL) {

		rc = -ENOMEM;

		goto compose_mount_options_err;