diff options
author | Linus Torvalds | 2011-04-25 20:38:50 -0700 |
---|---|---|
committer | Linus Torvalds | 2011-04-25 20:38:50 -0700 |
commit | f727a938ce1c92d7693e0a66cee2295f2f9ca6d3 (patch) | |
tree | 28d3467e4e86294f41b017f8a6e54b8b16dbb6b4 /fs | |
parent | cd2e49e90f1cae7726c9a2c54488d881d7f1cd1c (diff) | |
parent | 4906e50b37e6f6c264e7ee4237343eb2b7f8d16d (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
CIFS: Fix memory over bound bug in cifs_parse_mount_options
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/connect.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index db9d55b507d0..4bc862a80efa 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -807,8 +807,7 @@ static int cifs_parse_mount_options(char *options, const char *devname, struct smb_vol *vol) { - char *value; - char *data; + char *value, *data, *end; unsigned int temp_len, i, j; char separator[2]; short int override_uid = -1; @@ -851,6 +850,7 @@ cifs_parse_mount_options(char *options, const char *devname, if (!options) return 1; + end = options + strlen(options); if (strncmp(options, "sep=", 4) == 0) { if (options[4] != 0) { separator[0] = options[4]; @@ -916,6 +916,7 @@ cifs_parse_mount_options(char *options, const char *devname, the only illegal character in a password is null */ if ((value[temp_len] == 0) && + (value + temp_len < end) && (value[temp_len+1] == separator[0])) { /* reinsert comma */ value[temp_len] = separator[0]; |