diff options
| author | Steve French <stfrench@microsoft.com> | 2019-08-05 17:07:26 -0500 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2019-09-16 11:43:37 -0500 |
| commit | df58fae72428be113f041fe55c9605a9088bfb14 (patch) | |
| tree | afdb5dcecf5ea77ab71c5217954b6d46336a436e /fs/cifs | |
| parent | 2617474bfa33ab6c47c515e57dfbe754f8970640 (diff) | |
| download | linux-df58fae72428be113f041fe55c9605a9088bfb14.tar.gz linux-df58fae72428be113f041fe55c9605a9088bfb14.tar.bz2 linux-df58fae72428be113f041fe55c9605a9088bfb14.zip | |
smb3: Incorrect size for netname negotiate context
It is not null terminated (length was off by two).
Also see similar change to Samba:
https://gitlab.com/samba-team/samba/merge_requests/666
Reported-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/cifs')
| -rw-r--r-- | fs/cifs/smb2pdu.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index a653c429e8dc..a33cb91b4963 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -503,8 +503,7 @@ build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname) pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID; /* copy up to max of first 100 bytes of server name to NetName field */ - pneg_ctxt->DataLength = cpu_to_le16(2 + - (2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp))); + pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp)); /* context size is DataLength + minimal smb2_neg_context */ return DIV_ROUND_UP(le16_to_cpu(pneg_ctxt->DataLength) + sizeof(struct smb2_neg_context), 8) * 8; |