mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-29 22:02:02 +00:00
cifs: fix underflow in parse_server_interfaces()
[ Upstream commitcffe487026
] In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending. Fixes:fe856be475
("CIFS: parse and store info on iface queries") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Shyam Prasad N <sprasad@microsoft.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
e7f744f6f4
commit
f7ff1c89fb
1 changed files with 1 additions and 1 deletions
|
@ -619,7 +619,7 @@ parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf,
|
|||
goto out;
|
||||
}
|
||||
|
||||
while (bytes_left >= sizeof(*p)) {
|
||||
while (bytes_left >= (ssize_t)sizeof(*p)) {
|
||||
memset(&tmp_iface, 0, sizeof(tmp_iface));
|
||||
tmp_iface.speed = le64_to_cpu(p->LinkSpeed);
|
||||
tmp_iface.rdma_capable = le32_to_cpu(p->Capability & RDMA_CAPABLE) ? 1 : 0;
|
||||
|
|
Loading…
Reference in a new issue