[linux-cifs-client] [PATCH 4/4] cifs: verify lengths of QueryAllEAs reply
Steve French
smfrench at gmail.com
Mon Jan 11 18:25:05 MST 2010
On Mon, Jan 11, 2010 at 7:00 PM, Jeff Layton <jlayton at redhat.com> wrote:
> On Mon, 11 Jan 2010 15:57:44 -0600
> Steve French <smfrench at gmail.com> wrote:
>
> > > + }
> > > +
> > > + name_len = temp_fea->name_len;
> > > + value_len = le16_to_cpu(temp_fea->value_len);
> > > + if (temp_ptr + name_len + value_len > end_of_smb) {
> ^^^^^^^^
> erm...I think I forgot to figure in the null
> terminator here on the name. I'll respin and
> resend. In case it's not obvious, please be
> sure to sanity check my pointer math in this
> patch :)
>
>
ok ... :)
--
Thanks,
Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/linux-cifs-client/attachments/20100111/b809fa52/attachment.html>
More information about the linux-cifs-client
mailing list