From 2e8a05d80213cdfbf3bf8e6eb3059831c7015e89 Mon Sep 17 00:00:00 2001 From: Pavel Shilovsky Date: Thu, 10 Jul 2014 10:21:15 +0400 Subject: [PATCH] CIFS: Fix possible buffer corruption in cifs_user_read() If there was a short read in the middle of the rdata list, we can end up with a corrupt output buffer. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French --- fs/cifs/file.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 3ea6fc86a471..c3390e2c6e0d 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -3049,7 +3049,9 @@ again: } else { rc = cifs_readdata_to_iov(rdata, to); } - + /* if there was a short read -- discard anything left */ + if (rdata->got_bytes && rdata->got_bytes < rdata->bytes) + rc = -ENODATA; } list_del_init(&rdata->list); kref_put(&rdata->refcount, cifs_uncached_readdata_release); -- 2.20.1