mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-07 03:18:31 +00:00
Code Issues Releases Wiki Activity

cifsd: fix potential read overflow in ksmbd_vfs_stream_read()

Browse source 
If *pos or *pos + count is greater than v_len, It will read beyond
the stream_buf buffer. This patch add the check and cut down count with
size of the buffer.

Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
This commit is contained in:
Namjae Jeon 2021-05-31 17:26:43 +09:00
parent fd6de099d7
commit 2ae1a6cc43
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
fs/cifsd/vfs.c
View file

@ -285,9 +285,19 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos,
if ((int)v_len <= 0)
return (int)v_len;
if (v_len <= *pos) {
count = -EINVAL;
goto free_buf;
}
if (v_len - *pos < count)
count = v_len - *pos;
memcpy(buf, &stream_buf[*pos], count);
free_buf:
kvfree(stream_buf);
return v_len > count ? count : v_len;
return count;
}
/**