cifs: fix potential overflow in cifs_compose_mount_options

In worst case, "ip=" + sb_mountdata + ipv6 can be copied into mountdata. Therefore, for safe, it is better to add more size when allocating memory. Signed-off-by: N Insu Yun <wuninsu@gmail.com> Signed-off-by: N Steve French <smfrench@gmail.com>

cifs: fix potential overflow in cifs_compose_mount_options
In worst case, "ip=" + sb_mountdata + ipv6 can be copied into mountdata. Therefore, for safe, it is better to add more size when allocating memory. Signed-off-by: N Insu Yun <wuninsu@gmail.com> Signed-off-by: N Steve French <smfrench@gmail.com>
f34d69c3 · Insu Yun · Steve French · 997152f6 · f34d69c3
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

fs/cifs/cifs_dfs_ref.c fs/cifs/cifs_dfs_ref.c +1 -1

未找到文件。
--- a/fs/cifs/cifs_dfs_ref.c
+++ b/fs/cifs/cifs_dfs_ref.c
@@ -175,7 +175,7 @@ char *cifs_compose_mount_options(const char *sb_mountdata,
 	 * string to the length of the original string to allow for worst case.
 	 */
 	md_len = strlen(sb_mountdata) + INET6_ADDRSTRLEN;
-	mountdata = kzalloc(md_len + 1, GFP_KERNEL);
+	mountdata = kzalloc(md_len + sizeof("ip=") + 1, GFP_KERNEL);
 	if (mountdata == NULL) {
 		rc = -ENOMEM;
 		goto compose_mount_options_err;