From: Jeff Layton <jlayton@redhat.com> Date: Thu, 19 Nov 2009 14:38:32 -0500 Subject: [cifs] fix read buffer overflow Message-id: <1258641517-20756-6-git-send-email-jlayton@redhat.com> Patchwork-id: 21432 O-Subject: [RHEL5.5 PATCH 05/10] BZ#500838: cifs: Read buffer overflow Bugzilla: 500838 RH-Acked-by: Peter Staubach <staubach@redhat.com> From: Roel Kluin <roel.kluin@gmail.com> (Upstream commit 24e2fb615fd6b624c320cec9ea9d91a75dad902e) Check whether index is within bounds before testing the element. Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com> diff --git a/fs/cifs/cifs_unicode.c b/fs/cifs/cifs_unicode.c index 60e3c42..714a542 100644 --- a/fs/cifs/cifs_unicode.c +++ b/fs/cifs/cifs_unicode.c @@ -44,7 +44,7 @@ cifs_ucs2_bytes(const __le16 *from, int maxbytes, int maxwords = maxbytes / 2; char tmp[NLS_MAX_CHARSET_SIZE]; - for (i = 0; from[i] && i < maxwords; i++) { + for (i = 0; i < maxwords && from[i]; i++) { charlen = codepage->uni2char(le16_to_cpu(from[i]), tmp, NLS_MAX_CHARSET_SIZE); if (charlen > 0)