Jeff Layton <jlayton@xxxxxxxxxx> wrote: > The buffer length checks in this function depend on this value being a > signed data type, but 690c522fa converted it to an unsigned type. > > Also, eliminate a problem with the null termination check in the same > function. cifs_strndup_from_ucs handles that situation correctly > already, and the existing check could potentially lead to a buffer > overrun since it increments bleft without checking to see whether it > falls off the end of the buffer. > > Cc: stable@xxxxxxxxxx > Reported-by: David Howells <dhowells@xxxxxxxxxx> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx> Acked-by: David Howells <dhowells@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
