From: Jeff Layton <jlayton@redhat.com>
Date: Fri, 15 May 2009 09:39:31 -0400
Subject: [fs] cifs: fix error handling in parse_DFS_referrals
Message-id: 1242394771-23125-2-git-send-email-jlayton@redhat.com
O-Subject: [RHEL5.3.z PATCH 2/2] BZ#496576: cifs: fix error handling in parse_DFS_referrals
Bugzilla: 496576
RH-Acked-by: Josef Bacik <josef@redhat.com>
CVE: CVE-2009-1633

This patch is a backport of the second patch for BZ#496577 to 5.3.z

Upstream commit d8e2f53ac99f4ce7d63807a84f98d1b80df598cf

cifs_strndup_from_ucs returns NULL on error, not an ERR_PTR

This patch is currently in Steve French's tree and should make its
way to Linus soon.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
---
 fs/cifs/cifssmb.c |   12 ++++--------
 1 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index e5db411..fab834d 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -3941,9 +3941,8 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
 		max_len = data_end - temp;
 		node->path_name = cifs_strndup_from_ucs(temp, max_len,
 						      is_unicode, nls_codepage);
-		if (IS_ERR(node->path_name)) {
-			rc = PTR_ERR(node->path_name);
-			node->path_name = NULL;
+		if (!node->path_name) {
+			rc = -ENOMEM;
 			goto parse_DFS_referrals_exit;
 		}
 
@@ -3952,11 +3951,8 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
 		max_len = data_end - temp;
 		node->node_name = cifs_strndup_from_ucs(temp, max_len,
 						      is_unicode, nls_codepage);
-		if (IS_ERR(node->node_name)) {
-			rc = PTR_ERR(node->node_name);
-			node->node_name = NULL;
-			goto parse_DFS_referrals_exit;
-		}
+		if (!node->node_name)
+			rc = -ENOMEM;
 	}
 
 parse_DFS_referrals_exit:
-- 
1.5.5.6