From 3f5b5152624ab60584b9034ea0f2e2dca2250e2f Mon Sep 17 00:00:00 2001
From: Fedor
Date: Sat, 19 Dec 2009 04:29:30 -0500
Subject: [PATCH] CIFS 1.49 fix for CVE-2009-1439

---
 release/src/linux/linux/fs/cifs/connect.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/release/src/linux/linux/fs/cifs/connect.c b/release/src/linux/linux/fs/cifs/connect.c
index d892f7e67f..5f319c81f4 100644
--- a/release/src/linux/linux/fs/cifs/connect.c
+++ b/release/src/linux/linux/fs/cifs/connect.c
@@ -3334,14 +3334,11 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
 			    BCC(smb_buffer_response)) {
 				kfree(tcon->nativeFileSystem);
 				tcon->nativeFileSystem =
-				    kzalloc(length + 2, GFP_KERNEL);
+				    kzalloc((4 * length) + 2, GFP_KERNEL);
 				cifs_strfromUCS_le(tcon->nativeFileSystem,
 						   (__le16 *) bcc_ptr,
 						   length, nls_codepage);
-				bcc_ptr += 2 * length;
-				bcc_ptr[0] = 0;	/* null terminate the string */
-				bcc_ptr[1] = 0;
-				bcc_ptr += 2;
+				bcc_ptr += (2 * length) + 2;
 			}
 			/* else do not bother copying these informational fields */
 		} else {
--
2.11.4.GIT
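Review bot: The kzalloc() result on the new side is still handed straight to cifs_strfromUCS_le() with no NULL check, so an allocation failure while parsing the server's tree-connect response dereferences NULL in the conversion; guard the call, e.g. `if (tcon->nativeFileSystem)` before `cifs_strfromUCS_le(tcon->nativeFileSystem, (__le16 *) bcc_ptr, length, nls_codepage);`, and let the name simply stay absent otherwise. The new `(4 * length) + 2` sizing presumably allows up to four output bytes per UCS-2 unit from the nls_codepage conversion plus the terminator; a one-line comment such as `/* each UCS-2 unit may expand to up to 4 bytes in the local codepage, plus NUL */` would keep a later cleanup from shrinking it back to the overflowable `length + 2`. Whether four bytes is the true upper bound for every codepage the kernel's NLS layer can produce is not visible here and worth confirming against the nls headers. CIFSTCon begins and ends outside the hunk.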