Skip to content

E
etercifs
Commit b03c1750 authored by Pavel Shilovsky's avatar Pavel Shilovsky
Browse files
Options

Fix memory over bound bug in cifs_parse_mount_options for 2.6.37

parent f242e285
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 2 deletions
sources/2.6.37/connect.c
View file @ b03c1750
...@@ -801,8 +801,7 @@ static int ...@@ -801,8 +801,7 @@ static int
cifs_parse_mount_options(char *options, const char *devname, cifs_parse_mount_options(char *options, const char *devname,
struct smb_vol *vol) struct smb_vol *vol)
{ {
char *value; char *value, *data, *end;
char *data;
unsigned int temp_len, i, j; unsigned int temp_len, i, j;
char separator[2]; char separator[2];
short int override_uid = -1; short int override_uid = -1;
...@@ -845,6 +844,7 @@ cifs_parse_mount_options(char *options, const char *devname, ...@@ -845,6 +844,7 @@ cifs_parse_mount_options(char *options, const char *devname,
if (!options) if (!options)
return 1; return 1;
end = options + strlen(options);
if (strncmp(options, "sep=", 4) == 0) { if (strncmp(options, "sep=", 4) == 0) {
if (options[4] != 0) { if (options[4] != 0) {
separator[0] = options[4]; separator[0] = options[4];
...@@ -909,6 +909,7 @@ cifs_parse_mount_options(char *options, const char *devname, ...@@ -909,6 +909,7 @@ cifs_parse_mount_options(char *options, const char *devname,
the only illegal character in a password is null */ the only illegal character in a password is null */
if ((value[temp_len] == 0) && if ((value[temp_len] == 0) &&
(value + temp_len < end) &&
(value[temp_len+1] == separator[0])) { (value[temp_len+1] == separator[0])) {
/* reinsert comma */ /* reinsert comma */
value[temp_len] = separator[0]; value[temp_len] = separator[0];
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment