| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181009220220.GA24569@embeddedor.com>
Date: Wed, 10 Oct 2018 00:02:20 +0200
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: Steve French <sfrench@...ba.org>,
Ronnie Sahlberg <lsahlber@...hat.com>
Cc: linux-cifs@...r.kernel.org, samba-technical@...ts.samba.org,
linux-kernel@...r.kernel.org,
"Gustavo A. R. Silva" <gustavo@...eddedor.com>
Subject: [PATCH v3] smb2: fix uninitialized variable bug in
smb2_ioctl_query_info
There is a potential execution path in which variable *resp_buftype*
is passed as an argument to function free_rsp_buf(), in which it is
used in a comparison without being properly initialized previously.
Fix this by initializing variable *resp_buftype* to CIFS_NO_BUFFER
in order to avoid unpredictable or unintended results.
Addresses-Coverity-ID: 1473971 ("Uninitialized scalar variable")
Fixes: c5d25bdb2967 ("cifs: add IOCTL for QUERY_INFO passthrough to userspace")
Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
---
Changes in v3:
- Initialize resp_buftype to CIFS_NO_BUFFER instead of to -1.
Thanks to Ronnie Sahlberg for pointing this out.
Changes in v2:
- Fix Coverity and Fixes tag.
- Update commit log.
fs/cifs/smb2ops.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index c6c6450d..8472cb0 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -1133,7 +1133,7 @@ smb2_ioctl_query_info(const unsigned int xid,
struct smb_rqst rqst;
struct kvec iov[1];
struct kvec rsp_iov;
- int resp_buftype;
+ int resp_buftype = CIFS_NO_BUFFER;
struct smb2_query_info_rsp *rsp = NULL;
void *buffer;
--
2.7.4
Powered by blists - more mailing lists