--- /dev/null
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3421,16 +3421,13 @@ CIFSTCon(unsigned int xid, struct cifsSe
+ BCC(smb_buffer_response)) {
+ kfree(tcon->nativeFileSystem);
+ tcon->nativeFileSystem =
+- kzalloc(length + 2, GFP_KERNEL);
++ kzalloc((4 * length) + 2, GFP_KERNEL);
+ if (tcon->nativeFileSystem)
+ cifs_strfromUCS_le(
+ tcon->nativeFileSystem,
+ (__le16 *) bcc_ptr,
+ length, nls_codepage);
+- bcc_ptr += 2 * length;
+- bcc_ptr[0] = 0; /* null terminate the string */
+- bcc_ptr[1] = 0;
+- bcc_ptr += 2;
++ bcc_ptr += (2 * length) + 2;
+ }
+ /* else do not bother copying these information fields*/
+ } else {
--- /dev/null
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3467,16 +3467,13 @@ CIFSTCon(unsigned int xid, struct cifsSe
+ BCC(smb_buffer_response)) {
+ kfree(tcon->nativeFileSystem);
+ tcon->nativeFileSystem =
+- kzalloc(length + 2, GFP_KERNEL);
++ kzalloc((4 * length) + 2, GFP_KERNEL);
+ if (tcon->nativeFileSystem)
+ cifs_strfromUCS_le(
+ tcon->nativeFileSystem,
+ (__le16 *) bcc_ptr,
+ length, nls_codepage);
+- bcc_ptr += 2 * length;
+- bcc_ptr[0] = 0; /* null terminate the string */
+- bcc_ptr[1] = 0;
+- bcc_ptr += 2;
++ bcc_ptr += (2 * length) + 2;
+ }
+ /* else do not bother copying these information fields*/
+ } else {
--- /dev/null
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3466,16 +3466,13 @@ CIFSTCon(unsigned int xid, struct cifsSe
+ BCC(smb_buffer_response)) {
+ kfree(tcon->nativeFileSystem);
+ tcon->nativeFileSystem =
+- kzalloc(length + 2, GFP_KERNEL);
++ kzalloc((4 * length) + 2, GFP_KERNEL);
+ if (tcon->nativeFileSystem)
+ cifs_strfromUCS_le(
+ tcon->nativeFileSystem,
+ (__le16 *) bcc_ptr,
+ length, nls_codepage);
+- bcc_ptr += 2 * length;
+- bcc_ptr[0] = 0; /* null terminate the string */
+- bcc_ptr[1] = 0;
+- bcc_ptr += 2;
++ bcc_ptr += (2 * length) + 2;
+ }
+ /* else do not bother copying these information fields*/
+ } else {