summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorInsu Yun <wuninsu@gmail.com>2016-02-01 19:34:58 +0300
committerSteve French <smfrench@gmail.com>2016-02-11 03:04:56 +0300
commitf34d69c3e54908c97708d0d65075f7c6074fc87e (patch)
treea474276b61cd22d01cfc53fa3d77f3f3153b245b
parent997152f62751b7d16f1b864121c912fd19032bdf (diff)
downloadlinux-f34d69c3e54908c97708d0d65075f7c6074fc87e.tar.xz
cifs: fix potential overflow in cifs_compose_mount_options
In worst case, "ip=" + sb_mountdata + ipv6 can be copied into mountdata. Therefore, for safe, it is better to add more size when allocating memory. Signed-off-by: Insu Yun <wuninsu@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
-rw-r--r--fs/cifs/cifs_dfs_ref.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/cifs/cifs_dfs_ref.c b/fs/cifs/cifs_dfs_ref.c
index 7dc886c9a78f..e956cba94338 100644
--- a/fs/cifs/cifs_dfs_ref.c
+++ b/fs/cifs/cifs_dfs_ref.c
@@ -175,7 +175,7 @@ char *cifs_compose_mount_options(const char *sb_mountdata,
* string to the length of the original string to allow for worst case.
*/
md_len = strlen(sb_mountdata) + INET6_ADDRSTRLEN;
- mountdata = kzalloc(md_len + 1, GFP_KERNEL);
+ mountdata = kzalloc(md_len + sizeof("ip=") + 1, GFP_KERNEL);
if (mountdata == NULL) {
rc = -ENOMEM;
goto compose_mount_options_err;