cifs: fix buffer overrun in parse_DFS_referrals

[linux-2.6-omap-h63xx.git] / fs / cifs / cifssmb.c

diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 2af8626ced435c10bea3654e38570f7decaa8a7d..6d51696dc762d3b6656ed027fe2d7ed40d549409 100644 (file)
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -3983,7 +3983,8 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
 
                node->flags = le16_to_cpu(pSMBr->DFSFlags);
                if (is_unicode) {
-                       __le16 *tmp = kmalloc(strlen(searchName)*2, GFP_KERNEL);
+                       __le16 *tmp = kmalloc(strlen(searchName)*2 + 2,
+                                               GFP_KERNEL);
                        cifsConvertToUCS((__le16 *) tmp, searchName,
                                        PATH_MAX, nls_codepage, remap);
                        node->path_consumed = hostlen_fromUCS(tmp,