From: Jeff Layton <jlayton@redhat.com>
Date: Wed, 27 Apr 2011 17:29:49 +0000 (-0400)
Subject: cifs: sanitize length checking in coalesce_t2 (try #3)
X-Git-Tag: v2.6.39-rc7~9^2~2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a2047bc94d0efc316401170c3d078d9edc20dc4;p=pandora-kernel.git

cifs: sanitize length checking in coalesce_t2 (try #3)

There are a couple of places in this code where these values can wrap or
go negative, and that could potentially end up overflowing the buffer.
Ensure that that doesn't happen. Do all of the length calculation and
checks first, and only perform the memcpy after they pass.

Also, increase some stack variables to 32 bits to ensure that they don't
wrap without being detected.

Finally, change the error codes to be a bit more descriptive of any
problems detected. -EINVAL isn't very accurate.

Cc: stable@kernel.org
Reported-and-Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
---

Reading git-diff-tree failed