]> bbs.cooldavid.org Git - net-next-2.6.git/commitdiff
git://bbs.cooldavid.org / net-next-2.6.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 968460e)
cifs: Increase size of tmp_buf in cifs_readdir to avoid potential overflows
authorSuresh Jayaraman <sjayaraman@suse.de>
Mon, 20 Apr 2009 13:24:36 +0000 (18:54 +0530)
committerSteve French <sfrench@us.ibm.com>
Mon, 20 Apr 2009 19:58:09 +0000 (19:58 +0000)
Increase size of tmp_buf to possible maximum to avoid potential
overflows.

Pointed-out-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
fs/cifs/readdir.c patch | blob | blame | history

diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
index 1a8be6228333a146aa7f3e00f168ee2d4461fc72..ebd0da7ecb3d2e3eb6d326b7892f3b7afc8a92dd 100644 (file)
--- a/fs/cifs/readdir.c
+++ b/fs/cifs/readdir.c
@@ -1074,7 +1074,7 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir)
                with the rare long characters alloc more to account for
                such multibyte target UTF-8 characters. cifs_unicode.c,
                which actually does the conversion, has the same limit */
-               tmp_buf = kmalloc((2 * NAME_MAX) + 4, GFP_KERNEL);
+               tmp_buf = kmalloc((4 * NAME_MAX) + 2, GFP_KERNEL);
                for (i = 0; (i < num_to_fill) && (rc == 0); i++) {
                        if (current_entry == NULL) {
                                /* evaluate whether this case is an error */
Clone of davem's net-next-2.6 tree