Showing error 1655

User: Jiri Slaby
Error type: Invalid Pointer Dereference
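Error type description: An invalid pointer is being dereferenced. In the listing below, the flagged line 2956 writes through ses->serverDomain, which was assigned from kzalloc() at lines 2945-2949 with no NULL check in between; the ses->serverNOS allocation at lines 2926-2936 follows the same pattern.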
File location: fs/cifs/connect.c
Line in file: 2956
Project: Linux Kernel
Project version: 2.6.28
Tools: Smatch (1.59)
Entered: 2013-09-10 07:54:05 UTC


Source:

2926                                                ses->serverNOS =
2927                                                    kzalloc(2 * (len + 1),
2928                                                            GFP_KERNEL);
2929                                                cifs_strfromUCS_le(ses->
2930                                                                   serverNOS,
2931                                                                   (__le16 *)
2932                                                                   bcc_ptr,
2933                                                                   len,
2934                                                                   nls_codepage);
2935                                                bcc_ptr += 2 * (len + 1);
2936                                                ses->serverNOS[2 * len] = 0;
2937                                                ses->serverNOS[1 +
2938                                                               (2 * len)] = 0;
2939                                                remaining_words -= len + 1;
2940                                                if (remaining_words > 0) {
2941                                                        len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2942                                /* last string not always null terminated
2943                                   (for e.g. for Windows XP & 2000) */
2944                                                        kfree(ses->serverDomain);
2945                                                        ses->serverDomain =
2946                                                            kzalloc(2 *
2947                                                                    (len +
2948                                                                     1),
2949                                                                    GFP_KERNEL);
2950                                                        cifs_strfromUCS_le
2951                                                            (ses->serverDomain,
2952                                                             (__le16 *)bcc_ptr,
2953                                                             len, nls_codepage);
2954                                                        bcc_ptr +=
2955                                                            2 * (len + 1);
2956                                                        ses->serverDomain[2*len]
2957                                                            = 0;
2958                                                        ses->serverDomain
2959                                                                [1 + (2 * len)]
2960                                                            = 0;
2961                                                } /* else no more room so create dummy domain string */
2962                                                else {
2963                                                        kfree(ses->serverDomain);
2964                                                        ses->serverDomain =
2965                                                            kzalloc(2,
2966                                                                    GFP_KERNEL);