[CIFS] Maximum username length check in session setup does not match

Fix length check reported by D. Binderman (see below)

d binderman <dcb314@hotmail.com> wrote:
>
> I just ran the sourceforge tool cppcheck over the source code of the
> new Linux kernel 2.6.33-rc6
>
> It said
>
> [./cifs/sess.c:250]: (error) Buffer access out-of-bounds

May turn out to be harmless, but best to be safe. Note max
username length is defined to 32 due to Linux (Windows
maximum is 20).

Signed-off-by: Steve French <sfrench@us.ibm.com>

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 7085a6275c4c9f0635383033dde2ee572bb046b0..aaa9c1c5a5bd243e398b96fe6a278c85595c64c9 100644 (file)
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -223,9 +223,9 @@ static void unicode_ssetup_strings(char **pbcc_area, struct cifsSesInfo *ses,
                /* null user mount */
                *bcc_ptr = 0;
                *(bcc_ptr+1) = 0;
-       } else { /* 300 should be long enough for any conceivable user name */
+       } else {
                bytes_ret = cifs_strtoUCS((__le16 *) bcc_ptr, ses->userName,
-                                         300, nls_cp);
+                                         MAX_USERNAME_SIZE, nls_cp);
        }
        bcc_ptr += 2 * bytes_ret;
        bcc_ptr += 2; /* account for null termination */
@@ -246,11 +246,10 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifsSesInfo *ses,
        /* copy user */
        if (ses->userName == NULL) {
                /* BB what about null user mounts - check that we do this BB */
-       } else { /* 300 should be long enough for any conceivable user name */
-               strncpy(bcc_ptr, ses->userName, 300);
+       } else {
+               strncpy(bcc_ptr, ses->userName, MAX_USERNAME_SIZE);
        }
-       /* BB improve check for overflow */
-       bcc_ptr += strnlen(ses->userName, 300);
+       bcc_ptr += strnlen(ses->userName, MAX_USERNAME_SIZE);
        *bcc_ptr = 0;
        bcc_ptr++; /* account for null termination */