CIFS: Fix possible buffer corruption in cifs_user_read()

If there was a short read in the middle of the rdata list, we can end up with a corrupt output buffer. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>

CIFS: Fix possible buffer corruption in cifs_user_read()
If there was a short read in the middle of the rdata list, we can end up with a corrupt output buffer. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
2e8a05d8 · Pavel Shilovsky · Steve French · b3160aeb · 2e8a05d8
Commit 2e8a05d8 authored Jul 10, 2014 by Pavel Shilovsky Committed by Steve French Aug 02, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

fs/cifs/file.c fs/cifs/file.c +3 -1

No files found.
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -3049,7 +3049,9 @@ ssize_t cifs_user_readv(struct kiocb *iocb, struct iov_iter *to)
 			} else {
 				rc = cifs_readdata_to_iov(rdata, to);
 			}
-
+			/* if there was a short read -- discard anything left */
+			if (rdata->got_bytes && rdata->got_bytes < rdata->bytes)
+				rc = -ENODATA;
 		}
 		list_del_init(&rdata->list);
 		kref_put(&rdata->refcount, cifs_uncached_readdata_release);