Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
linux
Commits
a424f8bf
Commit
a424f8bf
authored
May 30, 2006
by
Steve French
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[CIFS] fix memory leak in cifs session info struct on reconnect
Signed-off-by:
Steve French
<
sfrench@us.ibm.com
>
parent
c01f36a8
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
82 additions
and
6 deletions
+82
-6
fs/cifs/connect.c
fs/cifs/connect.c
+82
-6
No files found.
fs/cifs/connect.c
View file @
a424f8bf
...
@@ -2148,6 +2148,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2148,6 +2148,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
/* We look for obvious messed up bcc or strings in response so we do not go off
/* We look for obvious messed up bcc or strings in response so we do not go off
the end since (at least) WIN2K and Windows XP have a major bug in not null
the end since (at least) WIN2K and Windows XP have a major bug in not null
terminating last Unicode string in response */
terminating last Unicode string in response */
if
(
ses
->
serverOS
)
kfree
(
ses
->
serverOS
);
ses
->
serverOS
=
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
ses
->
serverOS
=
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
if
(
ses
->
serverOS
==
NULL
)
if
(
ses
->
serverOS
==
NULL
)
goto
sesssetup_nomem
;
goto
sesssetup_nomem
;
...
@@ -2160,6 +2162,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2160,6 +2162,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if
(
remaining_words
>
0
)
{
if
(
remaining_words
>
0
)
{
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
remaining_words
-
1
);
remaining_words
-
1
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
ses
->
serverNOS
=
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
if
(
ses
->
serverNOS
==
NULL
)
if
(
ses
->
serverNOS
==
NULL
)
goto
sesssetup_nomem
;
goto
sesssetup_nomem
;
...
@@ -2177,6 +2181,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2177,6 +2181,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if
(
remaining_words
>
0
)
{
if
(
remaining_words
>
0
)
{
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
remaining_words
);
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
remaining_words
);
/* last string is not always null terminated (for e.g. for Windows XP & 2000) */
/* last string is not always null terminated (for e.g. for Windows XP & 2000) */
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
ses
->
serverDomain
=
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
if
(
ses
->
serverDomain
==
NULL
)
if
(
ses
->
serverDomain
==
NULL
)
...
@@ -2187,15 +2193,22 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2187,15 +2193,22 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
ses
->
serverDomain
[
2
*
len
]
=
0
;
ses
->
serverDomain
[
2
*
len
]
=
0
;
ses
->
serverDomain
[
1
+
(
2
*
len
)]
=
0
;
ses
->
serverDomain
[
1
+
(
2
*
len
)]
=
0
;
}
/* else no more room so create dummy domain string */
}
/* else no more room so create dummy domain string */
else
else
{
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
ses
->
serverDomain
=
kzalloc
(
2
,
GFP_KERNEL
);
kzalloc
(
2
,
GFP_KERNEL
);
}
}
else
{
/* no room so create dummy domain and NOS string */
}
else
{
/* no room so create dummy domain and NOS string */
/* if these kcallocs fail not much we
/* if these kcallocs fail not much we
can do, but better to not fail the
can do, but better to not fail the
sesssetup itself */
sesssetup itself */
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
ses
->
serverDomain
=
kzalloc
(
2
,
GFP_KERNEL
);
kzalloc
(
2
,
GFP_KERNEL
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
ses
->
serverNOS
=
kzalloc
(
2
,
GFP_KERNEL
);
kzalloc
(
2
,
GFP_KERNEL
);
}
}
...
@@ -2204,6 +2217,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2204,6 +2217,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if
(((
long
)
bcc_ptr
+
len
)
-
(
long
)
if
(((
long
)
bcc_ptr
+
len
)
-
(
long
)
pByteArea
(
smb_buffer_response
)
pByteArea
(
smb_buffer_response
)
<=
BCC
(
smb_buffer_response
))
{
<=
BCC
(
smb_buffer_response
))
{
if
(
ses
->
serverOS
)
kfree
(
ses
->
serverOS
);
ses
->
serverOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
ses
->
serverOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
if
(
ses
->
serverOS
==
NULL
)
if
(
ses
->
serverOS
==
NULL
)
goto
sesssetup_nomem
;
goto
sesssetup_nomem
;
...
@@ -2214,6 +2229,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2214,6 +2229,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr
++
;
bcc_ptr
++
;
len
=
strnlen
(
bcc_ptr
,
1024
);
len
=
strnlen
(
bcc_ptr
,
1024
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
ses
->
serverNOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
if
(
ses
->
serverNOS
==
NULL
)
if
(
ses
->
serverNOS
==
NULL
)
goto
sesssetup_nomem
;
goto
sesssetup_nomem
;
...
@@ -2223,6 +2240,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2223,6 +2240,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr
++
;
bcc_ptr
++
;
len
=
strnlen
(
bcc_ptr
,
1024
);
len
=
strnlen
(
bcc_ptr
,
1024
);
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
ses
->
serverDomain
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
if
(
ses
->
serverDomain
==
NULL
)
if
(
ses
->
serverDomain
==
NULL
)
goto
sesssetup_nomem
;
goto
sesssetup_nomem
;
...
@@ -2427,6 +2446,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2427,6 +2446,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
/* We look for obvious messed up bcc or strings in response so we do not go off
/* We look for obvious messed up bcc or strings in response so we do not go off
the end since (at least) WIN2K and Windows XP have a major bug in not null
the end since (at least) WIN2K and Windows XP have a major bug in not null
terminating last Unicode string in response */
terminating last Unicode string in response */
if
(
ses
->
serverOS
)
kfree
(
ses
->
serverOS
);
ses
->
serverOS
=
ses
->
serverOS
=
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
cifs_strfromUCS_le
(
ses
->
serverOS
,
cifs_strfromUCS_le
(
ses
->
serverOS
,
...
@@ -2441,6 +2462,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2441,6 +2462,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
remaining_words
remaining_words
-
1
);
-
1
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
ses
->
serverNOS
=
kzalloc
(
2
*
(
len
+
1
),
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
GFP_KERNEL
);
...
@@ -2454,7 +2477,9 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2454,7 +2477,9 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
remaining_words
-=
len
+
1
;
remaining_words
-=
len
+
1
;
if
(
remaining_words
>
0
)
{
if
(
remaining_words
>
0
)
{
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
remaining_words
);
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
remaining_words
);
/* last string is not always null terminated (for e.g. for Windows XP & 2000) */
/* last string not null terminated (e.g.Windows XP/2000) */
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
ses
->
serverDomain
=
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
cifs_strfromUCS_le
(
ses
->
serverDomain
,
cifs_strfromUCS_le
(
ses
->
serverDomain
,
(
__le16
*
)
bcc_ptr
,
(
__le16
*
)
bcc_ptr
,
...
@@ -2463,11 +2488,18 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2463,11 +2488,18 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
ses
->
serverDomain
[
2
*
len
]
=
0
;
ses
->
serverDomain
[
2
*
len
]
=
0
;
ses
->
serverDomain
[
1
+
(
2
*
len
)]
=
0
;
ses
->
serverDomain
[
1
+
(
2
*
len
)]
=
0
;
}
/* else no more room so create dummy domain string */
}
/* else no more room so create dummy domain string */
else
else
{
if
(
ses
->
serverDomain
)
`
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
ses
->
serverDomain
=
kzalloc
(
2
,
GFP_KERNEL
);
kzalloc
(
2
,
GFP_KERNEL
);
}
else
{
/* no room so create dummy domain and NOS string */
}
}
else
{
/* no room use dummy domain&NOS */
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
kzalloc
(
2
,
GFP_KERNEL
);
ses
->
serverDomain
=
kzalloc
(
2
,
GFP_KERNEL
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
kzalloc
(
2
,
GFP_KERNEL
);
ses
->
serverNOS
=
kzalloc
(
2
,
GFP_KERNEL
);
}
}
}
else
{
/* ASCII */
}
else
{
/* ASCII */
...
@@ -2476,6 +2508,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2476,6 +2508,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if
(((
long
)
bcc_ptr
+
len
)
-
(
long
)
if
(((
long
)
bcc_ptr
+
len
)
-
(
long
)
pByteArea
(
smb_buffer_response
)
pByteArea
(
smb_buffer_response
)
<=
BCC
(
smb_buffer_response
))
{
<=
BCC
(
smb_buffer_response
))
{
if
(
ses
->
serverOS
)
kfree
(
ses
->
serverOS
);
ses
->
serverOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
ses
->
serverOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
strncpy
(
ses
->
serverOS
,
bcc_ptr
,
len
);
strncpy
(
ses
->
serverOS
,
bcc_ptr
,
len
);
...
@@ -2484,6 +2518,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2484,6 +2518,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr
++
;
bcc_ptr
++
;
len
=
strnlen
(
bcc_ptr
,
1024
);
len
=
strnlen
(
bcc_ptr
,
1024
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
ses
->
serverNOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
strncpy
(
ses
->
serverNOS
,
bcc_ptr
,
len
);
strncpy
(
ses
->
serverNOS
,
bcc_ptr
,
len
);
bcc_ptr
+=
len
;
bcc_ptr
+=
len
;
...
@@ -2491,6 +2527,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -2491,6 +2527,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr
++
;
bcc_ptr
++
;
len
=
strnlen
(
bcc_ptr
,
1024
);
len
=
strnlen
(
bcc_ptr
,
1024
);
if
(
ses
->
serverDomain
)
kfree
(
ses
->
severDomain
);
ses
->
serverDomain
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
ses
->
serverDomain
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
strncpy
(
ses
->
serverDomain
,
bcc_ptr
,
len
);
strncpy
(
ses
->
serverDomain
,
bcc_ptr
,
len
);
bcc_ptr
+=
len
;
bcc_ptr
+=
len
;
...
@@ -2728,6 +2766,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
...
@@ -2728,6 +2766,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
/* We look for obvious messed up bcc or strings in response so we do not go off
/* We look for obvious messed up bcc or strings in response so we do not go off
the end since (at least) WIN2K and Windows XP have a major bug in not null
the end since (at least) WIN2K and Windows XP have a major bug in not null
terminating last Unicode string in response */
terminating last Unicode string in response */
if
(
ses
->
serverOS
)
kfree
(
ses
->
serverOS
);
ses
->
serverOS
=
ses
->
serverOS
=
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
cifs_strfromUCS_le
(
ses
->
serverOS
,
cifs_strfromUCS_le
(
ses
->
serverOS
,
...
@@ -2743,6 +2783,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
...
@@ -2743,6 +2783,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
bcc_ptr
,
bcc_ptr
,
remaining_words
remaining_words
-
1
);
-
1
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
ses
->
serverNOS
=
kzalloc
(
2
*
(
len
+
1
),
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
GFP_KERNEL
);
...
@@ -2760,6 +2802,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
...
@@ -2760,6 +2802,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
if
(
remaining_words
>
0
)
{
if
(
remaining_words
>
0
)
{
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
remaining_words
);
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
remaining_words
);
/* last string is not always null terminated (for e.g. for Windows XP & 2000) */
/* last string is not always null terminated (for e.g. for Windows XP & 2000) */
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
ses
->
serverDomain
=
kzalloc
(
2
*
kzalloc
(
2
*
(
len
+
(
len
+
...
@@ -2777,13 +2821,20 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
...
@@ -2777,13 +2821,20 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
[
1
+
(
2
*
len
)]
[
1
+
(
2
*
len
)]
=
0
;
=
0
;
}
/* else no more room so create dummy domain string */
}
/* else no more room so create dummy domain string */
else
else
{
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
ses
->
serverDomain
=
kzalloc
(
2
,
kzalloc
(
2
,
GFP_KERNEL
);
GFP_KERNEL
);
}
}
else
{
/* no room so create dummy domain and NOS string */
}
else
{
/* no room so create dummy domain and NOS string */
if
(
ses
->
serverDomain
);
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
ses
->
serverDomain
=
kzalloc
(
2
,
GFP_KERNEL
);
kzalloc
(
2
,
GFP_KERNEL
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
ses
->
serverNOS
=
kzalloc
(
2
,
GFP_KERNEL
);
kzalloc
(
2
,
GFP_KERNEL
);
}
}
...
@@ -2792,6 +2843,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
...
@@ -2792,6 +2843,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
if
(((
long
)
bcc_ptr
+
len
)
-
(
long
)
if
(((
long
)
bcc_ptr
+
len
)
-
(
long
)
pByteArea
(
smb_buffer_response
)
pByteArea
(
smb_buffer_response
)
<=
BCC
(
smb_buffer_response
))
{
<=
BCC
(
smb_buffer_response
))
{
if
(
ses
->
serverOS
)
kfree
(
ses
->
serverOS
);
ses
->
serverOS
=
ses
->
serverOS
=
kzalloc
(
len
+
1
,
kzalloc
(
len
+
1
,
GFP_KERNEL
);
GFP_KERNEL
);
...
@@ -2803,6 +2856,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
...
@@ -2803,6 +2856,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
bcc_ptr
++
;
bcc_ptr
++
;
len
=
strnlen
(
bcc_ptr
,
1024
);
len
=
strnlen
(
bcc_ptr
,
1024
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
ses
->
serverNOS
=
kzalloc
(
len
+
1
,
kzalloc
(
len
+
1
,
GFP_KERNEL
);
GFP_KERNEL
);
...
@@ -2812,6 +2867,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
...
@@ -2812,6 +2867,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
bcc_ptr
++
;
bcc_ptr
++
;
len
=
strnlen
(
bcc_ptr
,
1024
);
len
=
strnlen
(
bcc_ptr
,
1024
);
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
ses
->
serverDomain
=
kzalloc
(
len
+
1
,
kzalloc
(
len
+
1
,
GFP_KERNEL
);
GFP_KERNEL
);
...
@@ -3116,6 +3173,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -3116,6 +3173,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
/* We look for obvious messed up bcc or strings in response so we do not go off
/* We look for obvious messed up bcc or strings in response so we do not go off
the end since (at least) WIN2K and Windows XP have a major bug in not null
the end since (at least) WIN2K and Windows XP have a major bug in not null
terminating last Unicode string in response */
terminating last Unicode string in response */
if
(
ses
->
serverOS
)
kfree
(
serverOS
);
ses
->
serverOS
=
ses
->
serverOS
=
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
cifs_strfromUCS_le
(
ses
->
serverOS
,
cifs_strfromUCS_le
(
ses
->
serverOS
,
...
@@ -3131,6 +3190,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -3131,6 +3190,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr
,
bcc_ptr
,
remaining_words
remaining_words
-
1
);
-
1
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
ses
->
serverNOS
=
kzalloc
(
2
*
(
len
+
1
),
kzalloc
(
2
*
(
len
+
1
),
GFP_KERNEL
);
GFP_KERNEL
);
...
@@ -3147,6 +3208,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -3147,6 +3208,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if
(
remaining_words
>
0
)
{
if
(
remaining_words
>
0
)
{
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
remaining_words
);
len
=
UniStrnlen
((
wchar_t
*
)
bcc_ptr
,
remaining_words
);
/* last string not always null terminated (e.g. for Windows XP & 2000) */
/* last string not always null terminated (e.g. for Windows XP & 2000) */
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
ses
->
serverDomain
=
kzalloc
(
2
*
kzalloc
(
2
*
(
len
+
(
len
+
...
@@ -3172,10 +3235,17 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -3172,10 +3235,17 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
len
)]
len
)]
=
0
;
=
0
;
}
/* else no more room so create dummy domain string */
}
/* else no more room so create dummy domain string */
else
else
{
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
kzalloc
(
2
,
GFP_KERNEL
);
ses
->
serverDomain
=
kzalloc
(
2
,
GFP_KERNEL
);
}
}
else
{
/* no room so create dummy domain and NOS string */
}
else
{
/* no room so create dummy domain and NOS string */
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
kzalloc
(
2
,
GFP_KERNEL
);
ses
->
serverDomain
=
kzalloc
(
2
,
GFP_KERNEL
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
kzalloc
(
2
,
GFP_KERNEL
);
ses
->
serverNOS
=
kzalloc
(
2
,
GFP_KERNEL
);
}
}
}
else
{
/* ASCII */
}
else
{
/* ASCII */
...
@@ -3183,6 +3253,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -3183,6 +3253,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if
(((
long
)
bcc_ptr
+
len
)
-
if
(((
long
)
bcc_ptr
+
len
)
-
(
long
)
pByteArea
(
smb_buffer_response
)
(
long
)
pByteArea
(
smb_buffer_response
)
<=
BCC
(
smb_buffer_response
))
{
<=
BCC
(
smb_buffer_response
))
{
if
(
ses
->
serverOS
)
kfree
(
ses
->
serverOS
);
ses
->
serverOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
ses
->
serverOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
strncpy
(
ses
->
serverOS
,
bcc_ptr
,
len
);
strncpy
(
ses
->
serverOS
,
bcc_ptr
,
len
);
...
@@ -3191,6 +3263,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -3191,6 +3263,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr
++
;
bcc_ptr
++
;
len
=
strnlen
(
bcc_ptr
,
1024
);
len
=
strnlen
(
bcc_ptr
,
1024
);
if
(
ses
->
serverNOS
)
kfree
(
ses
->
serverNOS
);
ses
->
serverNOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
ses
->
serverNOS
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
strncpy
(
ses
->
serverNOS
,
bcc_ptr
,
len
);
strncpy
(
ses
->
serverNOS
,
bcc_ptr
,
len
);
bcc_ptr
+=
len
;
bcc_ptr
+=
len
;
...
@@ -3198,6 +3272,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -3198,6 +3272,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr
++
;
bcc_ptr
++
;
len
=
strnlen
(
bcc_ptr
,
1024
);
len
=
strnlen
(
bcc_ptr
,
1024
);
if
(
ses
->
serverDomain
)
kfree
(
ses
->
serverDomain
);
ses
->
serverDomain
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
ses
->
serverDomain
=
kzalloc
(
len
+
1
,
GFP_KERNEL
);
strncpy
(
ses
->
serverDomain
,
bcc_ptr
,
len
);
strncpy
(
ses
->
serverDomain
,
bcc_ptr
,
len
);
bcc_ptr
+=
len
;
bcc_ptr
+=
len
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment