mount.cifs: fix handling of scopeid in resolve_host
author Jeff Layton <jlayton@samba.org>
Tue, 15 Feb 2011 18:30:47 +0000 (13:30 -0500)
committer Jeff Layton <jlayton@samba.org>
Tue, 15 Feb 2011 18:30:47 +0000 (13:30 -0500)
We get a pointer to the end of the address string (ipaddr), but then call
snprintf and pass in tmpbuf, which is a pointer to the beginning of the
address string. If someone passes in an address with a scopeid then we
end up overwriting the entire address string.

Reported-by: Björn JACKE <bj@sernet.de>
Signed-off-by: Jeff Layton <jlayton@samba.org>
resolve_host.c

index 7687503f5fbf39fb756a8abd6aa57c9ccece2e3c..69859a3119cfe39788bfd80b45bc1f230e9c301f 100644 (file)
@@ -71,7 +71,7 @@ int resolve_host(const char *host, char *addrstr)
                        if (sin6->sin6_scope_id) {
                                len = strnlen(tmpbuf, sizeof(tmpbuf));
                                ipaddr = tmpbuf + len;
-                               snprintf(tmpbuf, sizeof(tmpbuf) - len, "%%%u",
+                               snprintf(ipaddr, sizeof(tmpbuf) - len, "%%%u",
                                         sin6->sin6_scope_id);
                        }
                        break;
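
Review bot: The return value of the corrected snprintf(ipaddr, sizeof(tmpbuf) - len, ...) call is still ignored, so if the "%<scope_id>" suffix does not fit in the space left after the address, the output is silently truncated and the resulting string carries a cut-off or missing scope id. Suggest checking that the result is non-negative and less than sizeof(tmpbuf) - len, and returning an error otherwise. A one-line comment stating that ipaddr points at the terminating NUL of tmpbuf at this point, not at its start, would also make it harder to reintroduce the original mix-up.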