tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

cifs: fix handling of scopeid in cifs_convert_address

The code finds, the '%' sign in an ipv6 address and copies that to a
buffer allocated on the stack. It then ignores that buffer, and passes
'pct' to simple_strtoul(), which doesn't work right because we're
comparing 'endp' against a completely different string.

Fix it by passing the correct pointer. While we're at it, this is a
good candidate for conversion to strict_strtoul as well.

Cc: stable@kernel.org
Cc: David Howells <dhowells@redhat.com>
Reported-by: Björn JACKE <bj@sernet.de>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

authored by Jeff Layton and committed by Steve French 96161256 a2640111

+4 -4
unified split
+4 -4
fs/cifs/netmisc.c
··· 170 170 { 171 171 int rc, alen, slen; 172 172 const char *pct; 173 - char *endp, scope_id[13]; 173 + char scope_id[13]; 174 174 struct sockaddr_in *s4 = (struct sockaddr_in *) dst; 175 175 struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) dst; 176 176 ··· 197 197 memcpy(scope_id, pct + 1, slen); 198 198 scope_id[slen] = '\0'; 199 199 200 - s6->sin6_scope_id = (u32) simple_strtoul(pct, &endp, 0); 201 - if (endp != scope_id + slen) 202 - return 0; 200 + rc = strict_strtoul(scope_id, 0, 201 + (unsigned long *)&s6->sin6_scope_id); 202 + rc = (rc == 0) ? 1 : 0; 203 203 } 204 204 205 205 return rc;