Showing error 1657

User: Jiri Slaby
Error type: Invalid Pointer Dereference
Error type description: A pointer that is invalid is being dereferenced
File location: fs/cifs/connect.c
Line in file: 3338
Project: Linux Kernel
Project version: 2.6.28
Tools: Smatch (1.59)
Entered: 2013-09-10 07:54:05 UTC


Source:

3308  the end since (at least) WIN2K and Windows XP have a major bug in not null
3309  terminating last Unicode string in response  */
3310                                        if (ses->serverOS)
3311                                                kfree(ses->serverOS);
3312                                        ses->serverOS =
3313                                            kzalloc(2 * (len + 1), GFP_KERNEL);
3314                                        cifs_strfromUCS_le(ses->serverOS,
3315                                                           (__le16 *)
3316                                                           bcc_ptr, len,
3317                                                           nls_codepage);
3318                                        bcc_ptr += 2 * (len + 1);
3319                                        remaining_words -= len + 1;
3320                                        ses->serverOS[2 * len] = 0;
3321                                        ses->serverOS[1 + (2 * len)] = 0;
3322                                        if (remaining_words > 0) {
3323                                                len = UniStrnlen((wchar_t *)
3324                                                                 bcc_ptr,
3325                                                                 remaining_words
3326                                                                 - 1);
3327                                                kfree(ses->serverNOS);
3328                                                ses->serverNOS =
3329                                                    kzalloc(2 * (len + 1),
3330                                                            GFP_KERNEL);
3331                                                cifs_strfromUCS_le(ses->
3332                                                                   serverNOS,
3333                                                                   (__le16 *)
3334                                                                   bcc_ptr,
3335                                                                   len,
3336                                                                   nls_codepage);
3337                                                bcc_ptr += 2 * (len + 1);
3338                                                ses->serverNOS[2 * len] = 0;
3339                                                ses->serverNOS[1+(2*len)] = 0;
3340                                                remaining_words -= len + 1;
3341                                                if (remaining_words > 0) {
3342                                                        len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3343     /* last string not always null terminated (e.g. for Windows XP & 2000) */
3344                                                        if (ses->serverDomain)
3345                                                                kfree(ses->serverDomain);
3346                                                        ses->serverDomain =
3347                                                            kzalloc(2 *
3348                                                                    (len +