cifs: fix potential overflow in cifs_compose_mount_options In worst case, "ip=" + sb_mountdata + ipv6 can be copied into mountdata. Therefore, for safe, it is better to add more size when allocating memory. Signed-off-by: Insu Yun <wuninsu@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>

commit: f34d69c3e54908c97708d0d65075f7c6074fc87e [log] [tgz]
author: Insu Yun <wuninsu@gmail.com> Mon Feb 01 11:34:58 2016 -0500
committer: Steve French <smfrench@gmail.com> Wed Feb 10 18:04:56 2016 -0600
tree: a474276b61cd22d01cfc53fa3d77f3f3153b245b
parent: 997152f62751b7d16f1b864121c912fd19032bdf [diff] [blame]
diff --git a/fs/cifs/cifs_dfs_ref.c b/fs/cifs/cifs_dfs_ref.c
index 7dc886c..e956cba 100644
--- a/fs/cifs/cifs_dfs_ref.c
+++ b/fs/cifs/cifs_dfs_ref.c

@@ -175,7 +175,7 @@
 	 * string to the length of the original string to allow for worst case.
 	 */
 	md_len = strlen(sb_mountdata) + INET6_ADDRSTRLEN;
-	mountdata = kzalloc(md_len + 1, GFP_KERNEL);
+	mountdata = kzalloc(md_len + sizeof("ip=") + 1, GFP_KERNEL);
 	if (mountdata == NULL) {
 		rc = -ENOMEM;
 		goto compose_mount_options_err;
commit	f34d69c3e54908c97708d0d65075f7c6074fc87e	[log] [tgz]
author	Insu Yun <wuninsu@gmail.com>	Mon Feb 01 11:34:58 2016 -0500
committer	Steve French <smfrench@gmail.com>	Wed Feb 10 18:04:56 2016 -0600
tree	a474276b61cd22d01cfc53fa3d77f3f3153b245b
parent	997152f62751b7d16f1b864121c912fd19032bdf [diff] [blame]