From: Pavel Shilovsky <pshilovsky@samba.org>
Date: Thu, 10 Jul 2014 06:21:15 +0000 (+0400)
Subject: CIFS: Fix possible buffer corruption in cifs_user_read()
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2e8a05d80213cdfbf3bf8e6eb3059831c7015e89;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git

CIFS: Fix possible buffer corruption in cifs_user_read()

If there was a short read in the middle of the rdata list,
we can end up with a corrupt output buffer.

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
---

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 3ea6fc86a471..c3390e2c6e0d 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -3049,7 +3049,9 @@ again:
 			} else {
 				rc = cifs_readdata_to_iov(rdata, to);
 			}
-
+			/* if there was a short read -- discard anything left */
+			if (rdata->got_bytes && rdata->got_bytes < rdata->bytes)
+				rc = -ENODATA;
 		}
 		list_del_init(&rdata->list);
 		kref_put(&rdata->refcount, cifs_uncached_readdata_release);