diff options
author | Steve French <sfrench@us.ibm.com> | 2011-08-18 04:41:55 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-08-29 13:29:07 -0700 |
commit | b3ff2fd377a0b593678af0082b6a2e4ecc3eec84 (patch) | |
tree | 58b85ae3ea6977a509778dc7401359ac0f0e7c46 | |
parent | 8ec7ad7a0073b11f924d131dc423c5221dd9bb8c (diff) |
possible memory corruption on mount
commit 13589c437daf4c8e429b3236c0b923de1c9420d8 upstream.
CIFS cleanup_volume_info_contents() looks like having a memory
corruption problem.
When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it
should not be kfree()-ed in cleanup_volume_info_contents().
Introduced in commit b946845a9dc523c759cae2b6a0f6827486c3221a
Signed-off-by: J.R. Okajima <hooanon05@yahoo.co.jp>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | fs/cifs/connect.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index ccc1afa0bf3..e0ea721c0f1 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -2838,7 +2838,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info) kfree(volume_info->username); kzfree(volume_info->password); kfree(volume_info->UNC); - kfree(volume_info->UNCip); + if (volume_info->UNCip != volume_info->UNC + 2) + kfree(volume_info->UNCip); kfree(volume_info->domainname); kfree(volume_info->iocharset); kfree(volume_info->prepath); |