diff options
| author | Arnd Bergmann <arnd@arndb.de> | 2012-02-24 16:39:18 +0400 |
|---|---|---|
| committer | Arnd Bergmann <arnd@arndb.de> | 2012-02-24 16:39:18 +0400 |
| commit | fdc24d4ba20499febb90ff17d3b75674026712f8 (patch) | |
| tree | 83cebb162add24be7b395090b4daca4bd752641b /fs/cifs/sess.c | |
| parent | a5f17d1f4c2831b9b9bf8b1a537cdbac995d6e13 (diff) | |
| parent | 059289b260826deb43601644a7ad39c2608e6861 (diff) | |
| download | linux-fdc24d4ba20499febb90ff17d3b75674026712f8.tar.xz | |
Merge branch 'vexpress-dt-v3.3-rc4' of git://git.linaro.org/people/pawelmoll/linux into next/dt
* 'vexpress-dt-v3.3-rc4' of git://git.linaro.org/people/pawelmoll/linux: (573 commits)
ARM: vexpress: Add Device Tree for V2P-CA15 core tile (TC1 variant)
ARM: vexpress: Add Device Tree for V2P-CA9 core tile
ARM: vexpress: Add Device Tree for V2P-CA5s core tile
ARM: vexpress: Motherboard RS1 memory map support
ARM: vexpress: Add Device Tree support
ARM: vexpress: Use FDT data in platform SMP calls
ARM: versatile: Map local timers using Device Tree when possible
ARM: vexpress: Get rid of MMIO_P2V
This adds full device tree boot support for the versatile express
platform, as has been awaited for a long time.
Conflicts:
arch/arm/mach-vexpress/core.h
The definition of AMBA_DEVICE was removed in one branch, and the
definition of MMIO_P2V was removed in the other branch.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Diffstat (limited to 'fs/cifs/sess.c')
| -rw-r--r-- | fs/cifs/sess.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index d85efad5765f..551d0c2b9736 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -246,16 +246,15 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses, /* copy user */ /* BB what about null user mounts - check that we do this BB */ /* copy user */ - if (ses->user_name != NULL) + if (ses->user_name != NULL) { strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE); + bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE); + } /* else null user mount */ - - bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE); *bcc_ptr = 0; bcc_ptr++; /* account for null termination */ /* copy domain */ - if (ses->domainName != NULL) { strncpy(bcc_ptr, ses->domainName, 256); bcc_ptr += strnlen(ses->domainName, 256); @@ -395,6 +394,10 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags); tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset); tilen = le16_to_cpu(pblob->TargetInfoArray.Length); + if (tioffset > blob_len || tioffset + tilen > blob_len) { + cERROR(1, "tioffset + tilen too high %u + %u", tioffset, tilen); + return -EINVAL; + } if (tilen) { ses->auth_key.response = kmalloc(tilen, GFP_KERNEL); if (!ses->auth_key.response) { |