| commit | bfacf2225a955bea9c41c707fc72ba16009674a0 | |
| author | Jeff Layton <jlayton@redhat.com> | |
| Wed, 27 Apr 2011 17:25:51 +0000 (27 13:25 -0400) | ||
| committer | Steve French <sfrench@us.ibm.com> | |
| Fri, 29 Apr 2011 04:57:35 +0000 (29 04:57 +0000) | ||
| tree | b164fd09adda6397a46d7a0e2e1438a3b5525d72 | treesnapshot (tar.gz zip) |
| parent | fafc9929c668f8bae6dd1f109f33a86d2cb3c460 | commitdiff |
cifs: change bleft in decode_unicode_ssetup back to signed type
The buffer length checks in this function depend on this value being a
signed data type, but 690c522fa converted it to an unsigned type.
Also, eliminate a problem with the null termination check in the same
function. cifs_strndup_from_ucs handles that situation correctly
already, and the existing check could potentially lead to a buffer
overrun since it increments bleft without checking to see whether it
falls off the end of the buffer.
Cc: stable@kernel.org
Reported-and-Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
The buffer length checks in this function depend on this value being a
signed data type, but 690c522fa converted it to an unsigned type.
Also, eliminate a problem with the null termination check in the same
function. cifs_strndup_from_ucs handles that situation correctly
already, and the existing check could potentially lead to a buffer
overrun since it increments bleft without checking to see whether it
falls off the end of the buffer.
Cc: stable@kernel.org
Reported-and-Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
| fs/cifs/sess.c | diffblobblamehistory |