From clemens@ladisch.de  Fri Apr 24 15:32:58 2009
From: Clemens Ladisch <clemens@ladisch.de>
Date: Fri, 24 Apr 2009 10:11:56 +0200
Subject: nls: utf8_wcstombs: fix buffer overflow
To: Greg KH <greg@kroah.com>
Cc: Eugen Dedu <Eugen.Dedu@pu-pm.univ-fcomte.fr>, Alan Stern <stern@rowland.harvard.edu>
Message-ID: <49F1744C.9010203@ladisch.de>


utf8_wcstombs forgot to include one-byte UTF-8 characters when
calculating the output buffer size, i.e., theoretically, it was possible
to overflow the output buffer with an input string that contains enough
ASCII characters.

In practice, this was no problem because the only user so far (VFAT)
always uses a big enough output buffer.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 fs/nls/nls_base.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/nls/nls_base.c
+++ b/fs/nls/nls_base.c
@@ -150,6 +150,7 @@ utf8_wcstombs(__u8 *s, const wchar_t *pw
 			}
 		} else {
 			*op++ = (__u8) *ip;
+			maxlen--;
 		}
 		ip++;
 	}