[patch] cifs: writing past the end of the array

[patch] cifs: writing past the end of the array

[Dan Carpenter]

This is a cut and paste error.  p16 only has 16 chars, not 21.

Signed-off-by: Dan Carpenter <error27@gmail.com>

diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
index 3967635..1525d5e 100644
--- a/fs/cifs/smbencrypt.c
+++ b/fs/cifs/smbencrypt.c
@@ -353,7 +353,7 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
 	int rc;
 	unsigned char p16[16], p21[21];
 
-	memset(p16, '\0', 21);
+	memset(p16, '\0', 16);
 	memset(p21, '\0', 21);
 
 	rc = E_md4hash(passwd, p16);

Re: [patch] cifs: writing past the end of the array

[Shirish Pargaonkar]

On Sun, Mar 6, 2011 at 7:26 AM, Dan Carpenter <error27@gmail.com> wrote:
> This is a cut and paste error.  p16 only has 16 chars, not 21.
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
>
> diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
> index 3967635..1525d5e 100644
> --- a/fs/cifs/smbencrypt.c
> +++ b/fs/cifs/smbencrypt.c
> @@ -353,7 +353,7 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
>        int rc;
>        unsigned char p16[16], p21[21];
>
> -       memset(p16, '\0', 21);
> +       memset(p16, '\0', 16);
>        memset(p21, '\0', 21);
>
>        rc = E_md4hash(passwd, p16);
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Looks correct.

Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [patch] cifs: writing past the end of the array

[walter harms]

Am 06.03.2011 14:26, schrieb Dan Carpenter:
> This is a cut and paste error.  p16 only has 16 chars, not 21.
> 
> Signed-off-by: Dan Carpenter <error27@gmail.com>
> 
> diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
> index 3967635..1525d5e 100644
> --- a/fs/cifs/smbencrypt.c
> +++ b/fs/cifs/smbencrypt.c
> @@ -353,7 +353,7 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
>  	int rc;
>  	unsigned char p16[16], p21[21];
>  
> -	memset(p16, '\0', 21);
> +	memset(p16, '\0', 16);
>  	memset(p21, '\0', 21);
>  
>  	rc = E_md4hash(passwd, p16);


perhaps ARRAY_SIZE() instead of a magic number is a better choice ?

re,
 wh

Re: [patch] cifs: writing past the end of the array

[Jeff Layton]

On Sun, 06 Mar 2011 18:11:23 +0100
walter harms <wharms@bfs.de> wrote:

> 
> 
> Am 06.03.2011 14:26, schrieb Dan Carpenter:
> > This is a cut and paste error.  p16 only has 16 chars, not 21.
> > 
> > Signed-off-by: Dan Carpenter <error27@gmail.com>
> > 
> > diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
> > index 3967635..1525d5e 100644
> > --- a/fs/cifs/smbencrypt.c
> > +++ b/fs/cifs/smbencrypt.c
> > @@ -353,7 +353,7 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
> >  	int rc;
> >  	unsigned char p16[16], p21[21];
> >  
> > -	memset(p16, '\0', 21);
> > +	memset(p16, '\0', 16);
> >  	memset(p21, '\0', 21);
> >  
> >  	rc = E_md4hash(passwd, p16);
> 
> 
> perhaps ARRAY_SIZE() instead of a magic number is a better choice ?
> 

Agreed. Care to propose a patch? There are almost certainly other
places in the code that could use a similar cleanup.

-- 
Jeff Layton <jlayton@redhat.com>

Re: [patch] cifs: writing past the end of the array

[walter harms]

Am 07.03.2011 17:09, schrieb Jeff Layton:
> On Sun, 06 Mar 2011 18:11:23 +0100
> walter harms <wharms@bfs.de> wrote:
> 
>>
>>
>> Am 06.03.2011 14:26, schrieb Dan Carpenter:
>>> This is a cut and paste error.  p16 only has 16 chars, not 21.
>>>
>>> Signed-off-by: Dan Carpenter <error27@gmail.com>
>>>
>>> diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
>>> index 3967635..1525d5e 100644
>>> --- a/fs/cifs/smbencrypt.c
>>> +++ b/fs/cifs/smbencrypt.c
>>> @@ -353,7 +353,7 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
>>>  	int rc;
>>>  	unsigned char p16[16], p21[21];
>>>  
>>> -	memset(p16, '\0', 21);
>>> +	memset(p16, '\0', 16);
>>>  	memset(p21, '\0', 21);
>>>  
>>>  	rc = E_md4hash(passwd, p16);
>>
>>
>> perhaps ARRAY_SIZE() instead of a magic number is a better choice ?
>>
> 
> Agreed. Care to propose a patch? There are almost certainly other
> places in the code that could use a similar cleanup.
> 

Dan, i think he is sending to you :)

re,
 wh

Re: [patch] cifs: writing past the end of the array

[Dan Carpenter]

On Tue, Mar 08, 2011 at 09:25:36AM +0100, walter harms wrote:
> >>> --- a/fs/cifs/smbencrypt.c
> >>> +++ b/fs/cifs/smbencrypt.c
> >>> @@ -353,7 +353,7 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
> >>>  	int rc;
> >>>  	unsigned char p16[16], p21[21];
> >>>  
> >>> -	memset(p16, '\0', 21);
> >>> +	memset(p16, '\0', 16);
> >>>  	memset(p21, '\0', 21);
> >>>  
> >>>  	rc = E_md4hash(passwd, p16);
> >>
> >>
> >> perhaps ARRAY_SIZE() instead of a magic number is a better choice ?
> >>
> > 
> > Agreed. Care to propose a patch? There are almost certainly other
> > places in the code that could use a similar cleanup.
> > 
> 
> Dan, i think he is sending to you :)
> 

Nah, man.  He's talking to you.  :P

The 16 can't change.  It's built into the name.  Also you should
probably use sizeof() instead of ARRAY_SIZE().  They're the same in this
case because it's type char but sizeof is more standard.

regards,
dan carpenter