aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2011-08-18 04:41:55 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>2011-08-29 13:29:07 -0700
commitb3ff2fd377a0b593678af0082b6a2e4ecc3eec84 (patch)
tree58b85ae3ea6977a509778dc7401359ac0f0e7c46
parent8ec7ad7a0073b11f924d131dc423c5221dd9bb8c (diff)
possible memory corruption on mount
commit 13589c437daf4c8e429b3236c0b923de1c9420d8 upstream. CIFS cleanup_volume_info_contents() looks like having a memory corruption problem. When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it should not be kfree()-ed in cleanup_volume_info_contents(). Introduced in commit b946845a9dc523c759cae2b6a0f6827486c3221a Signed-off-by: J.R. Okajima <hooanon05@yahoo.co.jp> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--fs/cifs/connect.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index ccc1afa0bf3..e0ea721c0f1 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2838,7 +2838,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info)
kfree(volume_info->username);
kzfree(volume_info->password);
kfree(volume_info->UNC);
- kfree(volume_info->UNCip);
+ if (volume_info->UNCip != volume_info->UNC + 2)
+ kfree(volume_info->UNCip);
kfree(volume_info->domainname);
kfree(volume_info->iocharset);
kfree(volume_info->prepath);