diff options
author | Chen Gang <gang.chen@asianux.com> | 2013-07-19 09:01:36 +0800 |
---|---|---|
committer | Steve French <smfrench@gmail.com> | 2013-07-30 23:54:40 -0500 |
commit | 057d6332b24a4497c55a761c83c823eed9e3f23b (patch) | |
tree | 15ad5c70288bc61084fd01c2f9b0db208d581c12 /fs/cifs/cifsencrypt.c | |
parent | ecb2cf1a6b63825a258ff4fe0d7f3070fbe4676b (diff) | |
download | lwn-057d6332b24a4497c55a761c83c823eed9e3f23b.tar.gz lwn-057d6332b24a4497c55a761c83c823eed9e3f23b.zip |
cifs: extend the buffer length enought for sprintf() using
For cifs_set_cifscreds() in "fs/cifs/connect.c", 'desc' buffer length
is 'CIFSCREDS_DESC_SIZE' (56 is less than 256), and 'ses->domainName'
length may be "255 + '\0'".
The related sprintf() may cause memory overflow, so need extend related
buffer enough to hold all things.
It is also necessary to be sure of 'ses->domainName' must be less than
256, and define the related macro instead of hard code number '256'.
Signed-off-by: Chen Gang <gang.chen@asianux.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Reviewed-by: Scott Lovenberg <scott.lovenberg@gmail.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'fs/cifs/cifsencrypt.c')
-rw-r--r-- | fs/cifs/cifsencrypt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index 45e57cc38200..194f9cce5d83 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c @@ -421,7 +421,7 @@ find_domain_name(struct cifs_ses *ses, const struct nls_table *nls_cp) if (blobptr + attrsize > blobend) break; if (type == NTLMSSP_AV_NB_DOMAIN_NAME) { - if (!attrsize) + if (!attrsize || attrsize >= CIFS_MAX_DOMAINNAME_LEN) break; if (!ses->domainName) { ses->domainName = |