
kernel-2.6.18-238.el5.src.rpm

From: Jeff Layton <jlayton@redhat.com>
Date: Thu, 14 May 2009 11:29:35 -0400
Subject: [fs] cifs: fix error handling in parse_DFS_referrals
Message-id: 1242314975-8714-1-git-send-email-jlayton@redhat.com
O-Subject: [RHEL5 PATCH] BZ#496577: cifs: fix error handling in parse_DFS_referrals
Bugzilla: 496577
RH-Acked-by: Josef Bacik <josef@redhat.com>
CVE: CVE-2009-1633

This is a patch to the earlier patch for the unicode buffer overruns.
It's a pretty clear case of mishandled errors.

cifs_strndup_from_ucs returns NULL on error, not an ERR_PTR

The patch has been taken upstream by Steve French and he's pushing it to
Linus today.

Signed-off-by: Jeff Layton <jlayton@redhat.com>

diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 256caa5..3a08aa2 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -3986,9 +3986,8 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
 		max_len = data_end - temp;
 		node->path_name = cifs_strndup_from_ucs(temp, max_len,
 						      is_unicode, nls_codepage);
-		if (IS_ERR(node->path_name)) {
-			rc = PTR_ERR(node->path_name);
-			node->path_name = NULL;
+		if (!node->path_name) {
+			rc = -ENOMEM;
 			goto parse_DFS_referrals_exit;
 		}
 
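Review bot: `max_len = data_end - temp;` is computed with no visible check that temp lies before data_end, both here and in the node_name hunk that follows. The computation of temp is outside the hunk; if it is derived from an offset carried in the response, as the surrounding parsing suggests, a value past data_end would make the difference negative and pass it to cifs_strndup_from_ucs as a length. Unless that is validated earlier in parse_DFS_referrals, a guard such as `if (temp >= data_end) { rc = -EINVAL; goto parse_DFS_referrals_exit; }` before each subtraction would reject a malformed referral instead of relying on the callee.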
@@ -3997,11 +3996,8 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
 		max_len = data_end - temp;
 		node->node_name = cifs_strndup_from_ucs(temp, max_len,
 						      is_unicode, nls_codepage);
-		if (IS_ERR(node->node_name)) {
-			rc = PTR_ERR(node->node_name);
-			node->node_name = NULL;
-			goto parse_DFS_referrals_exit;
-		}
+		if (!node->node_name)
+			rc = -ENOMEM;
 	}
 
 parse_DFS_referrals_exit:
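Review bot: The node_name failure branch now only sets `rc = -ENOMEM;` and no longer jumps to parse_DFS_referrals_exit, unlike the path_name branch in the previous hunk. If the closing brace after it ends a per-referral loop (the loop header is outside the hunk), the remaining referrals are still parsed and allocated after an allocation failure, and the error survives only as long as nothing later in the loop reassigns rc. Keeping the jump, `if (!node->node_name) { rc = -ENOMEM; goto parse_DFS_referrals_exit; }`, would make both branches fail the same way and stop at the first error.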