[PATCH 1/2] [CIFS] possible memory corruption on mount

From: Steve French <sfrench(a)us.ibm.com&gt; CIFS cleanup_volume_info_contents() looks like having a memory corruption problem. When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it should not be kfree()-ed in cleanup_volume_info_contents(). Introduced in commit b946845a9dc523c759cae2b6a0f6827486c3221a Signed-off-by: J.R. Okajima <hooanon05(a)yahoo.co.jp&gt; Reviewed-by: Jeff Layton <jlayton(a)redhat.com&gt; CC: Stable <stable(a)kernel.org&gt; Signed-off-by: Steve French <sfrench(a)us.ibm.com&gt; --- fs/cifs/connect.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index ccc1afa..e0ea721 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -2838,7 +2838,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info) kfree(volume_info->username); kzfree(volume_info->password); kfree(volume_info->UNC); - kfree(volume_info->UNCip); + if (volume_info->UNCip != volume_info->UNC + 2) + kfree(volume_info->UNCip); kfree(volume_info->domainname); kfree(volume_info->iocharset); kfree(volume_info->prepath); -- 1.7.6