Added Ronnie's reviewed-by and pushed to cifs-2.6.git for-next
On Tue, Oct 9, 2018 at 5:27 PM Gustavo A. R. Silva
<gustavo@xxxxxxxxxxxxxx> wrote:
>
> There is a potential execution path in which variable *resp_buftype*
> is passed as an argument to function free_rsp_buf(), in which it is
> used in a comparison without being properly initialized previously.
>
> Fix this by initializing variable *resp_buftype* to CIFS_NO_BUFFER
> in order to avoid unpredictable or unintended results.
>
> Addresses-Coverity-ID: 1473971 ("Uninitialized scalar variable")
> Fixes: c5d25bdb2967 ("cifs: add IOCTL for QUERY_INFO passthrough to userspace")
> Signed-off-by: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx>
> ---
> Changes in v3:
> - Initialize resp_buftype to CIFS_NO_BUFFER instead of to -1.
> Thanks to Ronnie Sahlberg for pointing this out.
>
> Changes in v2:
> - Fix Coverity and Fixes tag.
> - Update commit log.
>
> fs/cifs/smb2ops.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> index c6c6450d..8472cb0 100644
> --- a/fs/cifs/smb2ops.c
> +++ b/fs/cifs/smb2ops.c
> @@ -1133,7 +1133,7 @@ smb2_ioctl_query_info(const unsigned int xid,
> struct smb_rqst rqst;
> struct kvec iov[1];
> struct kvec rsp_iov;
> - int resp_buftype;
> + int resp_buftype = CIFS_NO_BUFFER;
> struct smb2_query_info_rsp *rsp = NULL;
> void *buffer;
>
> --
> 2.7.4
>
--
Thanks,
Steve
