Fix oops in cifs_strfromUCS_le mounting to servers which do not specify their OS
authorSteve French <sfrench@us.ibm.com>
Tue, 17 Feb 2009 01:29:40 +0000 (01:29 +0000)
committerGreg Kroah-Hartman <gregkh@suse.de>
Tue, 17 Mar 2009 00:31:58 +0000 (17:31 -0700)
commit 69765529d701c838df19ea1f5ad2f33a528261ae upstream.

Fixes kernel bug #10451 http://bugzilla.kernel.org/show_bug.cgi?id=10451

Certain NAS appliances do not set the operating system or network operating system
fields in the session setup response on the wire.  cifs was oopsing on the unexpected
zero length response fields (when trying to null terminate a zero length field).

This fixes the oops.

Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
fs/cifs/CHANGES
fs/cifs/sess.c

index e078b7aea1431d648b9b6dd6df5313b0b2cc738a..4c1cb9a5523e6427d3a510570fdcfdbe8956dd87 100644 (file)
@@ -1,3 +1,5 @@
+Fix oops in cifs_dfs_ref.c when prefixpath is not reachable when using DFS.
+
 Version 1.55
 ------------
 Various fixes to make delete of open files behavior more predictable
index 2851d5da0c8c03f34143fb7b24542d3da239a2f8..3cfa45219985d0fde130f8ada580fefd8bfb0172 100644 (file)
@@ -228,7 +228,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
 
        kfree(ses->serverOS);
        /* UTF-8 string will not grow more than four times as big as UCS-16 */
-       ses->serverOS = kzalloc(4 * len, GFP_KERNEL);
+       ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
        if (ses->serverOS != NULL)
                cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);
        data += 2 * (len + 1);
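Review bot: The `+ 2` in the serverOS allocation, and again in the serverNOS allocation in the next hunk, is the only thing keeping cifs_strfromUCS_le() in bounds, because the call passes only the source length and, per the commit message, the terminator is written even for a zero-length field. A zero-size kzalloc() returns ZERO_SIZE_PTR rather than NULL, so the `!= NULL` guard on the following line would not catch that case on its own. I would record the invariant at both call sites with something like `/* cifs_strfromUCS_le() gets no dest size and always terminates: never allocate 0 bytes here */`, so a later cleanup does not drop the `+ 2`. Since `len` is taken from a server-supplied session setup response, it is also worth confirming that it is bounded by `bleft` before `4 * len` is computed; its declaration and any such check are outside the hunk, as are the start and end of decode_unicode_ssetup.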
@@ -241,7 +241,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
                return rc;
 
        kfree(ses->serverNOS);
-       ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */
+       ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
        if (ses->serverNOS != NULL) {
                cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,
                                   nls_cp);