Skip to content

Commit

Permalink
cifs: fix potential overflow in cifs_compose_mount_options
Browse files Browse the repository at this point in the history 
In worst case, "ip=" + sb_mountdata + ipv6 can be copied into mountdata.
Therefore, for safe, it is better to add more size when allocating memory.

Signed-off-by: Insu Yun <wuninsu@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>
  • Loading branch information
Insu Yun authored and Steve French committed Feb 11, 2016
1 parent 997152f commit f34d69c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fs/cifs/cifs_dfs_ref.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@ char *cifs_compose_mount_options(const char *sb_mountdata,
* string to the length of the original string to allow for worst case.
*/
md_len = strlen(sb_mountdata) + INET6_ADDRSTRLEN;
mountdata = kzalloc(md_len + 1, GFP_KERNEL);
mountdata = kzalloc(md_len + sizeof("ip=") + 1, GFP_KERNEL);
if (mountdata == NULL) {
rc = -ENOMEM;
goto compose_mount_options_err;
Expand Down

0 comments on commit f34d69c

Please sign in to comment.