lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 9 Oct 2018 17:47:00 -0400 (EDT)
From:   Ronnie Sahlberg <lsahlber@...hat.com>
To:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc:     Steve French <sfrench@...ba.org>, linux-cifs@...r.kernel.org,
        samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] smb2: fix uninitialized variable bug in
 smb2_ioctl_query_info

Good catch, but I think it should be :

int resp_buftype = CIFS_NO_BUFFER;


----- Original Message -----
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: "Steve French" <sfrench@...ba.org>, "Ronnie Sahlberg" <lsahlber@...hat.com>
Cc: linux-cifs@...r.kernel.org, samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org, "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Sent: Wednesday, 10 October, 2018 6:17:48 AM
Subject: [PATCH v2] smb2: fix uninitialized variable bug in smb2_ioctl_query_info

There is a potential execution path in which variable *resp_buftype*
is passed as an argument to function free_rsp_buf(), in which it is
used in a comparison without being properly initialized previously.

Fix this by initializing variable *resp_buftype* to -1 in order to
avoid unpredictable or unintended results.

Addresses-Coverity-ID: 1473971 ("Uninitialized scalar variable")
Fixes: c5d25bdb2967 ("cifs: add IOCTL for QUERY_INFO passthrough to userspace")
Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
---
Changes in v2:
 - Fix Coverity and Fixes tag.
 - Update commit log.

 fs/cifs/smb2ops.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index c6c6450d..927aadd 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -1133,7 +1133,7 @@ smb2_ioctl_query_info(const unsigned int xid,
 	struct smb_rqst rqst;
 	struct kvec iov[1];
 	struct kvec rsp_iov;
-	int resp_buftype;
+	int resp_buftype = -1;
 	struct smb2_query_info_rsp *rsp = NULL;
 	void *buffer;
 
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ