Commit 13589c43 authored Aug 18, 2011 by Steve French

[CIFS] possible memory corruption on mount



CIFS cleanup_volume_info_contents() looks like having a memory
corruption problem.
When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it
should not be kfree()-ed in cleanup_volume_info_contents().

Introduced in commit b946845a

Signed-off-by: J.R. Okajima <hooanon05@yahoo.co.jp>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
CC: Stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>

parent fa71f447

fs/cifs/connect.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -2878,6 +2878,7 @@ cleanup_volume_info_contents(struct smb_vol *volume_info)
		kfree(volume_info->username);
		kzfree(volume_info->password);
		kfree(volume_info->UNC);
		if (volume_info->UNCip != volume_info->UNC + 2)
		kfree(volume_info->UNCip);
		kfree(volume_info->domainname);
		kfree(volume_info->iocharset);