From ac962fbe2c09940a17a32c2b6e0ff947965cdc54 Mon Sep 17 00:00:00 2001
From: Namjae Jeon <linkinjeon@kernel.org>
Date: Fri, 7 Apr 2023 23:45:46 +0900
Subject: [PATCH 4/4] ksmbd: fix heap-based overflow in
 samr_query_user_info_return()

Add +1 for the NUL terminator.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17820
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
---
 mountd/rpc_samr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mountd/rpc_samr.c b/mountd/rpc_samr.c
index 9c38700bf475..e169810b117f 100644
--- a/mountd/rpc_samr.c
+++ b/mountd/rpc_samr.c
@@ -425,7 +425,7 @@ static int samr_query_user_info_return(struct ksmbd_rpc_pipe *pipe)
 	if (gethostname(hostname, NAME_MAX))
 		return KSMBD_RPC_ENOMEM;
 
-	home_dir_len = 2 + strlen(hostname) + 1 + strlen(ch->user->name);
+	home_dir_len = 2 + strlen(hostname) + 1 + strlen(ch->user->name) + 1;
 
 	home_dir = g_try_malloc0(home_dir_len);
 	if (!home_dir)
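Review bot: `strlen(hostname)` on the changed line relies on `gethostname(hostname, NAME_MAX)` having NUL-terminated the buffer, but POSIX leaves termination unspecified when the host name is truncated to the given length. The declaration of `hostname` is outside this hunk; if the buffer is exactly NAME_MAX bytes, consider forcing termination before the length is computed, e.g. `hostname[NAME_MAX - 1] = '\0';` right after the call. The size expression would also be easier to audit with a comment naming each term, such as `/* "\\\\" + hostname + "\\" + user name + NUL */`, assuming that is the layout written later in the function, which is not visible here. Bounding the later write with `home_dir_len` would keep the two from drifting apart again. The body of samr_query_user_info_return() starts and ends outside the hunk.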
-- 
2.34.1

