Home Explore Help
Sign In
PUBLIC_REPOS
/
ti-processor-sdk-linux
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

CIFS: Fix possible buffer corruption in cifs_user_read()

If there was a short read in the middle of the rdata list,
we can end up with a corrupt output buffer.

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Pavel Shilovsky 11 years ago
parent
b3160aebb4
commit
2e8a05d802
1 changed files with 3 additions and 1 deletions
Split View Show Diff Stats
  1. 3 1
      fs/cifs/file.c

+ 3 - 1
fs/cifs/file.c
View File 

@@ -3049,7 +3049,9 @@ again:
 
 			} else {
 
 				rc = cifs_readdata_to_iov(rdata, to);
 
 			}
 
-
 
+			/* if there was a short read -- discard anything left */
 
+			if (rdata->got_bytes && rdata->got_bytes < rdata->bytes)
 
+				rc = -ENODATA;
 
 		}
 
 		list_del_init(&rdata->list);
 
 		kref_put(&rdata->refcount, cifs_uncached_readdata_release);