nls: utf8_wcstombs: fix buffer overflow
authorClemens Ladisch <clemens@ladisch.de>
Fri, 24 Apr 2009 08:11:56 +0000 (10:11 +0200)
committerGreg Kroah-Hartman <gregkh@suse.de>
Tue, 16 Jun 2009 04:44:43 +0000 (21:44 -0700)
utf8_wcstombs forgot to include one-byte UTF-8 characters when
calculating the output buffer size, i.e., theoretically, it was possible
to overflow the output buffer with an input string that contains enough
ASCII characters.

In practice, this was no problem because the only user so far (VFAT)
always uses a big enough output buffer.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
fs/nls/nls_base.c

index 000736d89c9517ac531664191a5d6604f315a69b..750abf211e2608267d25174531c73e74d058ca6f 100644 (file)
@@ -150,6 +150,7 @@ utf8_wcstombs(__u8 *s, const wchar_t *pwcs, int maxlen)
                        }
                } else {
                        *op++ = (__u8) *ip;
+                       maxlen--;
                }
                ip++;
        }