2.6.28-stable review patch. If anyone has any objections, please let us know. ------------------ From: Steve French commit 69765529d701c838df19ea1f5ad2f33a528261ae upstream. Fixes kernel bug #10451 http://bugzilla.kernel.org/show_bug.cgi?id=10451 Certain NAS appliances do not set the operating system or network operating system fields in the session setup response on the wire. cifs was oopsing on the unexpected zero length response fields (when trying to null terminate a zero length field). This fixes the oops. Acked-by: Jeff Layton Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman --- fs/cifs/CHANGES | 2 ++ fs/cifs/sess.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) --- a/fs/cifs/CHANGES +++ b/fs/cifs/CHANGES @@ -1,3 +1,5 @@ +Fix oops in cifs_dfs_ref.c when prefixpath is not reachable when using DFS. + Version 1.55 ------------ Various fixes to make delete of open files behavior more predictable --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -228,7 +228,7 @@ static int decode_unicode_ssetup(char ** kfree(ses->serverOS); /* UTF-8 string will not grow more than four times as big as UCS-16 */ - ses->serverOS = kzalloc(4 * len, GFP_KERNEL); + ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL); if (ses->serverOS != NULL) cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp); data += 2 * (len + 1); @@ -241,7 +241,7 @@ static int decode_unicode_ssetup(char ** return rc; kfree(ses->serverNOS); - ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */ + ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL); if (ses->serverNOS != NULL) { cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len, nls_cp); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/