[CIFS] Maximum username length check in session setup does not match
Fix length check reported by D. Binderman (see below) d binderman <dcb314@hotmail.com> wrote: > > I just ran the sourceforge tool cppcheck over the source code of the > new Linux kernel 2.6.33-rc6 > > It said > > [./cifs/sess.c:250]: (error) Buffer access out-of-bounds May turn out to be harmless, but best to be safe. Note max username length is defined to 32 due to Linux (Windows maximum is 20). Signed-off-by: Steve French <sfrench@us.ibm.com>
parent
f12f98dba6
commit
301a6a3177
1 changed files with 5 additions and 6 deletions
|
@ -223,9 +223,9 @@ static void unicode_ssetup_strings(char **pbcc_area, struct cifsSesInfo *ses,
|
|||
/* null user mount */
|
||||
*bcc_ptr = 0;
|
||||
*(bcc_ptr+1) = 0;
|
||||
} else { /* 300 should be long enough for any conceivable user name */
|
||||
} else {
|
||||
bytes_ret = cifs_strtoUCS((__le16 *) bcc_ptr, ses->userName,
|
||||
300, nls_cp);
|
||||
MAX_USERNAME_SIZE, nls_cp);
|
||||
}
|
||||
bcc_ptr += 2 * bytes_ret;
|
||||
bcc_ptr += 2; /* account for null termination */
|
||||
|
@ -246,11 +246,10 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifsSesInfo *ses,
|
|||
/* copy user */
|
||||
if (ses->userName == NULL) {
|
||||
/* BB what about null user mounts - check that we do this BB */
|
||||
} else { /* 300 should be long enough for any conceivable user name */
|
||||
strncpy(bcc_ptr, ses->userName, 300);
|
||||
} else {
|
||||
strncpy(bcc_ptr, ses->userName, MAX_USERNAME_SIZE);
|
||||
}
|
||||
/* BB improve check for overflow */
|
||||
bcc_ptr += strnlen(ses->userName, 300);
|
||||
bcc_ptr += strnlen(ses->userName, MAX_USERNAME_SIZE);
|
||||
*bcc_ptr = 0;
|
||||
bcc_ptr++; /* account for null termination */
|
||||
|
||||
|
|
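Review bot: In the second hunk (ascii_ssetup_strings), `bcc_ptr += strnlen(ses->userName, MAX_USERNAME_SIZE);` sits after the closing brace of the if/else, so it also runs on the `ses->userName == NULL` branch and hands a NULL pointer to strnlen. Moving that advance into the else branch, directly after the `strncpy(bcc_ptr, ses->userName, MAX_USERNAME_SIZE);` line, keeps the null-user mount path from dereferencing it. The commit also drops the `/* BB improve check for overflow */` marker, yet the limit still bounds only the source length. Whether the bcc area has MAX_USERNAME_SIZE bytes plus the terminator left at this point is not visible here, so I would keep a comment such as `/* caller must guarantee MAX_USERNAME_SIZE + 1 bytes remain in the bcc area */` until that is checked in code. The function body starts and ends outside the hunk.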