public inbox for kernel-janitors@vger.kernel.org
 help / color / mirror / Atom feed
* [patch] cifs: writing past end of struct in cifs_convert_address()
@ 2012-03-01  7:06 Dan Carpenter
       [not found] ` <20120301070652.GA6959-mgFCXtclrQlZLf2FXnZxJA@public.gmane.org>
  0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2012-03-01  7:06 UTC (permalink / raw)
  To: Steve French, Jeff Layton; +Cc: linux-cifs, kernel-janitors, samba-technical

"s6->sin6_scope_id" is an int bits but strict_strtoul() writes a long
so this can corrupt memory on 64 bit systems.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c
index 73e47e8..cab99b5 100644
--- a/fs/cifs/netmisc.c
+++ b/fs/cifs/netmisc.c
@@ -197,8 +197,7 @@ cifs_convert_address(struct sockaddr *dst, const char *src, int len)
 		memcpy(scope_id, pct + 1, slen);
 		scope_id[slen] = '\0';
 
-		rc = strict_strtoul(scope_id, 0,
-					(unsigned long *)&s6->sin6_scope_id);
+		rc = kstrtouint(scope_id, 0, &s6->sin6_scope_id);
 		rc = (rc = 0) ? 1 : 0;
 	}
 

^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-03-29 19:57 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-03-01  7:06 [patch] cifs: writing past end of struct in cifs_convert_address() Dan Carpenter
     [not found] ` <20120301070652.GA6959-mgFCXtclrQlZLf2FXnZxJA@public.gmane.org>
2012-03-01 11:47   ` Jeff Layton
2012-03-29 19:57   ` Jeff Layton

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox