Previously the code assumed that the ACE that was copied was of a
fixed size. Save off the return value from copy_ace and ensure that
we apply it correctly to the size and offset.
Reported-by: Jian Li <jiali@xxxxxxxxxx>
Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx>
---
setcifsacl.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/setcifsacl.c b/setcifsacl.c
index 7f92b91..67dd29c 100644
--- a/setcifsacl.c
+++ b/setcifsacl.c
@@ -183,7 +183,7 @@ static int
ace_set(struct cifs_ntsd *pntsd, struct cifs_ntsd **npntsd, ssize_t *bufsize,
struct cifs_ace **cacesptr, int numcaces)
{
- int i, rc, acessize = 0;
+ int i, rc, size = 0, acessize = 0;
size_t acesoffset;
char *acesptr;
@@ -193,8 +193,9 @@ ace_set(struct cifs_ntsd *pntsd, struct cifs_ntsd **npntsd, ssize_t *bufsize,
acesptr = (char *)*npntsd + acesoffset;
for (i = 0; i < numcaces; ++i) {
- acessize += copy_ace((struct cifs_ace *)acesptr, cacesptr[i]);
- acesptr += sizeof(struct cifs_ace);
+ size = copy_ace((struct cifs_ace *)acesptr, cacesptr[i]);
+ acessize += size;
+ acesptr += size;
}
copy_sec_desc(pntsd, *npntsd, numcaces, acessize);
acesptr = (char *)*npntsd + acesoffset;
--
1.7.11.7
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
