Commit 96161256 authored by Jeff Layton's avatar Jeff Layton Committed by Steve French

cifs: fix handling of scopeid in cifs_convert_address

The code finds, the '%' sign in an ipv6 address and copies that to a
buffer allocated on the stack. It then ignores that buffer, and passes
'pct' to simple_strtoul(), which doesn't work right because we're
comparing 'endp' against a completely different string.

Fix it by passing the correct pointer. While we're at it, this is a
good candidate for conversion to strict_strtoul as well.

Cc: stable@kernel.org
Cc: David Howells <dhowells@redhat.com>
Reported-by: default avatarBjörn JACKE <bj@sernet.de>
Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent a2640111
...@@ -170,7 +170,7 @@ cifs_convert_address(struct sockaddr *dst, const char *src, int len) ...@@ -170,7 +170,7 @@ cifs_convert_address(struct sockaddr *dst, const char *src, int len)
{ {
int rc, alen, slen; int rc, alen, slen;
const char *pct; const char *pct;
char *endp, scope_id[13]; char scope_id[13];
struct sockaddr_in *s4 = (struct sockaddr_in *) dst; struct sockaddr_in *s4 = (struct sockaddr_in *) dst;
struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) dst; struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) dst;
...@@ -197,9 +197,9 @@ cifs_convert_address(struct sockaddr *dst, const char *src, int len) ...@@ -197,9 +197,9 @@ cifs_convert_address(struct sockaddr *dst, const char *src, int len)
memcpy(scope_id, pct + 1, slen); memcpy(scope_id, pct + 1, slen);
scope_id[slen] = '\0'; scope_id[slen] = '\0';
s6->sin6_scope_id = (u32) simple_strtoul(pct, &endp, 0); rc = strict_strtoul(scope_id, 0,
if (endp != scope_id + slen) (unsigned long *)&s6->sin6_scope_id);
return 0; rc = (rc == 0) ? 1 : 0;
} }
return rc; return rc;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment