Hi Linus,
This patch fixes memory corruption during vfat mount: one byte
before mount options is overwritten by ',' since strtok->strsep
conversion happened.
This patch also fixes another problem introduced by strtok->strsep
conversion: VFAT requires that FAT does not modify passed options,
but unfortunately FAT driver fails to preserve options string if
there is more than one consecutive comma in option string.
Thanks,
Petr Vandrovec
[email protected]
diff -urdN linux/fs/fat/inode.c linux/fs/fat/inode.c
--- linux/fs/fat/inode.c 2002-10-02 13:20:19.000000000 +0200
+++ linux/fs/fat/inode.c 2002-10-02 19:54:59.000000000 +0200
@@ -228,8 +228,6 @@
save = 0;
savep = NULL;
while ((this_char = strsep(&options,",")) != NULL) {
- if (!*this_char)
- continue;
if ((value = strchr(this_char,'=')) != NULL) {
save = *value;
savep = value;
@@ -351,7 +349,7 @@
strncpy(cvf_options,value,100);
}
- if (this_char != options) *(this_char-1) = ',';
+ if (options) *(options-1) = ',';
if (value) *savep = save;
if (ret == 0)
break;
diff -urdN linux/fs/vfat/namei.c linux/fs/vfat/namei.c
--- linux/fs/vfat/namei.c 2002-10-02 13:20:27.000000000 +0200
+++ linux/fs/vfat/namei.c 2002-10-02 19:54:28.000000000 +0200
@@ -117,8 +117,6 @@
savep = NULL;
ret = 1;
while ((this_char = strsep(&options,",")) != NULL) {
- if (!*this_char)
- continue;
if ((value = strchr(this_char,'=')) != NULL) {
save = *value;
savep = value;
@@ -154,8 +152,8 @@
else
ret = 0;
}
- if (this_char != options)
- *(this_char-1) = ',';
+ if (options)
+ *(options-1) = ',';
if (value) {
*savep = save;
}