[PATCH v2 4/7] CIFS: Fix possible buffer corruption in cifs_user_read()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If there was a short read in the middle of the rdata list,
we can end up with a corrupt output buffer.

Signed-off-by: Pavel Shilovsky <pshilovsky@xxxxxxxxx>
---
 fs/cifs/file.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index f6cb765..2927f02 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -3048,7 +3048,9 @@ again:
 			} else {
 				rc = cifs_readdata_to_iov(rdata, to);
 			}
-
+			/* if there was a short read -- discard anything left */
+			if (rdata->got_bytes && rdata->got_bytes < rdata->bytes)
+				rc = -ENODATA;
 		}
 		list_del_init(&rdata->list);
 		kref_put(&rdata->refcount, cifs_uncached_readdata_release);
-- 
1.8.1.2

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux