| Message ID | 20181009220220.GA24569@embeddedor.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v3] smb2: fix uninitialized variable bug in smb2_ioctl_query_info | expand |
Added Ronnie's reviewed-by and pushed to cifs-2.6.git for-next On Tue, Oct 9, 2018 at 5:27 PM Gustavo A. R. Silva <gustavo@embeddedor.com> wrote: > > There is a potential execution path in which variable *resp_buftype* > is passed as an argument to function free_rsp_buf(), in which it is > used in a comparison without being properly initialized previously. > > Fix this by initializing variable *resp_buftype* to CIFS_NO_BUFFER > in order to avoid unpredictable or unintended results. > > Addresses-Coverity-ID: 1473971 ("Uninitialized scalar variable") > Fixes: c5d25bdb2967 ("cifs: add IOCTL for QUERY_INFO passthrough to userspace") > Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> > --- > Changes in v3: > - Initialize resp_buftype to CIFS_NO_BUFFER instead of to -1. > Thanks to Ronnie Sahlberg for pointing this out. > > Changes in v2: > - Fix Coverity and Fixes tag. > - Update commit log. > > fs/cifs/smb2ops.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c > index c6c6450d..8472cb0 100644 > --- a/fs/cifs/smb2ops.c > +++ b/fs/cifs/smb2ops.c > @@ -1133,7 +1133,7 @@ smb2_ioctl_query_info(const unsigned int xid, > struct smb_rqst rqst; > struct kvec iov[1]; > struct kvec rsp_iov; > - int resp_buftype; > + int resp_buftype = CIFS_NO_BUFFER; > struct smb2_query_info_rsp *rsp = NULL; > void *buffer; > > -- > 2.7.4 >
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index c6c6450d..8472cb0 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -1133,7 +1133,7 @@ smb2_ioctl_query_info(const unsigned int xid, struct smb_rqst rqst; struct kvec iov[1]; struct kvec rsp_iov; - int resp_buftype; + int resp_buftype = CIFS_NO_BUFFER; struct smb2_query_info_rsp *rsp = NULL; void *buffer;
There is a potential execution path in which variable *resp_buftype* is passed as an argument to function free_rsp_buf(), in which it is used in a comparison without being properly initialized previously. Fix this by initializing variable *resp_buftype* to CIFS_NO_BUFFER in order to avoid unpredictable or unintended results. Addresses-Coverity-ID: 1473971 ("Uninitialized scalar variable") Fixes: c5d25bdb2967 ("cifs: add IOCTL for QUERY_INFO passthrough to userspace") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> --- Changes in v3: - Initialize resp_buftype to CIFS_NO_BUFFER instead of to -1. Thanks to Ronnie Sahlberg for pointing this out. Changes in v2: - Fix Coverity and Fixes tag. - Update commit log. fs/cifs/smb2ops.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)