CC [M] fs/smbfs/proc.o
fs/smbfs/proc.c: In function `smb_proc_readdir_long':
fs/smbfs/proc.c:2313: warning: comparison of unsigned expression < 0 is always false
fs/smbfs/proc.c:2467: warning: comparison of unsigned expression < 0 is always false
The first one is pretty dangerous looking, as smb_proc_readdir_long() can
return several negative error values and all those are converted to
unsigned and then erronously pass the test on line 2313. Chris Wright gave
it a quick look and we did not see immediately if this can be remotely
exploited, but it looks pretty scary.
The second warning on line 2467 is just extra so I just removed it.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
*/
mask = param + 12;
- mask_len = smb_encode_path(server, mask, SMB_MAXPATHLEN+1, dir, &star);
- if (mask_len < 0) {
- result = mask_len;
+ result = smb_encode_path(server, mask, SMB_MAXPATHLEN+1, dir, &star);
+ if (result <= 0)
goto out_free;
- }
- mask_len--; /* mask_len is strlen, not #bytes */
+ mask_len = result - 1; /* mask_len is strlen, not #bytes */
+ result = 0;
first = 1;
VERBOSE("starting mask_len=%d, mask=%s\n", mask_len, mask);
- result = 0;
entries_seen = 2;
ff_eos = 0;
/*
* Update the mask string for the next message.
*/
- if (mask_len < 0)
- mask_len = 0;
if (mask_len > 255)
mask_len = 255;
if (mask_len)
projects / linux / commitdiff