From patchwork Mon Jul 14 09:01:14 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pavel Shilovsky <pshilovsky@samba.org>
X-Patchwork-Id: 4543601
Return-Path: <linux-cifs-owner@kernel.org>
X-Original-To: patchwork-cifs-client@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id CE178C0514
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Mon, 14 Jul 2014 09:01:50 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id DF7B02011E
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Mon, 14 Jul 2014 09:01:46 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 6CE892010E
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Mon, 14 Jul 2014 09:01:39 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753506AbaGNJBd (ORCPT
	<rfc822;patchwork-cifs-client@patchwork.kernel.org>);
	Mon, 14 Jul 2014 05:01:33 -0400
Received: from mail-lb0-f169.google.com ([209.85.217.169]:56944 "EHLO
	mail-lb0-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751143AbaGNJBd (ORCPT
	<rfc822; linux-cifs@vger.kernel.org>); Mon, 14 Jul 2014 05:01:33 -0400
Received: by mail-lb0-f169.google.com with SMTP id s7so1221093lbd.0
	for <linux-cifs@vger.kernel.org>;
	Mon, 14 Jul 2014 02:01:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=sender:from:to:subject:date:message-id:in-reply-to:references;
	bh=WBinUkGFTnRBPSsbM192E8olpIrOI2jqhxLyH1ndT6w=;
	b=xkYf3f+tmC9J0fKgNmioRPzo9wthSNo7g+KHRV9MzV2pKBMNsnVDOnHoDC5VsQNdoD
	D/RELppPuIFUJtmiqTUiAXXgoN7wPgeRG2kotzHj9jCLJcGdndVi2yabRlBTfZKsf0Yz
	x65WoSMdly3EYcRtRDlDe4P7Hwt2RkJDGghjeUT63xnQJt2WFrKxp8Hf5aZNoVavkoLu
	6dXftABBGPiE3FCLiFlX0OP88tze52ELvuRBRSaLdANUIWv1GhPrfH6NcThX5KkJMMd+
	g+fbuMUGXKC6+LWB/oN6Vm9ZemSaKoBsTMBUyOCsIZk20neFHeiyPULxm9IQgb8ropt0
	V/iQ==
X-Received: by 10.152.203.233 with SMTP id kt9mr442648lac.84.1405328491293;
	Mon, 14 Jul 2014 02:01:31 -0700 (PDT)
Received: from localhost.localdomain ([92.43.3.85])
	by mx.google.com with ESMTPSA id
	r2sm5063434lag.27.2014.07.14.02.01.29
	for <linux-cifs@vger.kernel.org>
	(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Mon, 14 Jul 2014 02:01:30 -0700 (PDT)
From: Pavel Shilovsky <pshilovsky@samba.org>
To: linux-cifs@vger.kernel.org
Subject: [PATCH v2 4/7] CIFS: Fix possible buffer corruption in
	cifs_user_read()
Date: Mon, 14 Jul 2014 13:01:14 +0400
Message-Id: <1405328477-13484-5-git-send-email-pshilovsky@samba.org>
X-Mailer: git-send-email 1.8.1.2
In-Reply-To: <1405328477-13484-1-git-send-email-pshilovsky@samba.org>
References: <1405328477-13484-1-git-send-email-pshilovsky@samba.org>
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org
X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

If there was a short read in the middle of the rdata list,
we can end up with a corrupt output buffer.

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
---
 fs/cifs/file.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index f6cb765..2927f02 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -3048,7 +3048,9 @@ again:
 			} else {
 				rc = cifs_readdata_to_iov(rdata, to);
 			}
-
+			/* if there was a short read -- discard anything left */
+			if (rdata->got_bytes && rdata->got_bytes < rdata->bytes)
+				rc = -ENODATA;
 		}
 		list_del_init(&rdata->list);
 		kref_put(&rdata->refcount, cifs_uncached_readdata_release);