2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------ From: Jeff Layton <[email protected]> commit ba03864872691c0bb580a7fb47388da337ef4aa2 upstream. The DFS referral parsing code does a memchr() call to find the '\\' delimiter that separates the hostname in the referral UNC from the sharename. It then uses that value to set the length of the hostname via pointer subtraction. Instead of subtracting the start of the hostname however, it subtracts the start of the UNC, which causes the code to pass in a hostname length that is 2 bytes too long. Regression introduced in commit 1a4240f4. Reported-and-Tested-by: Robbert Kouprie <[email protected]> Signed-off-by: Jeff Layton <[email protected]> Cc: Wang Lei <[email protected]> Cc: David Howells <[email protected]> Signed-off-by: Steve French <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- fs/cifs/dns_resolve.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/cifs/dns_resolve.c +++ b/fs/cifs/dns_resolve.c @@ -66,7 +66,7 @@ dns_resolve_server_name_to_ip(const char /* Search for server name delimiter */ sep = memchr(hostname, '\\', len); if (sep) - len = sep - unc; + len = sep - hostname; else cFYI(1, "%s: probably server name is whole unc: %s", __func__, unc); _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
