lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Oct 2018 00:02:20 +0200 From: "Gustavo A. R. Silva" <gustavo@...eddedor.com> To: Steve French <sfrench@...ba.org>, Ronnie Sahlberg <lsahlber@...hat.com> Cc: linux-cifs@...r.kernel.org, samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org, "Gustavo A. R. Silva" <gustavo@...eddedor.com> Subject: [PATCH v3] smb2: fix uninitialized variable bug in smb2_ioctl_query_info There is a potential execution path in which variable *resp_buftype* is passed as an argument to function free_rsp_buf(), in which it is used in a comparison without being properly initialized previously. Fix this by initializing variable *resp_buftype* to CIFS_NO_BUFFER in order to avoid unpredictable or unintended results. Addresses-Coverity-ID: 1473971 ("Uninitialized scalar variable") Fixes: c5d25bdb2967 ("cifs: add IOCTL for QUERY_INFO passthrough to userspace") Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com> --- Changes in v3: - Initialize resp_buftype to CIFS_NO_BUFFER instead of to -1. Thanks to Ronnie Sahlberg for pointing this out. Changes in v2: - Fix Coverity and Fixes tag. - Update commit log. fs/cifs/smb2ops.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index c6c6450d..8472cb0 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -1133,7 +1133,7 @@ smb2_ioctl_query_info(const unsigned int xid, struct smb_rqst rqst; struct kvec iov[1]; struct kvec rsp_iov; - int resp_buftype; + int resp_buftype = CIFS_NO_BUFFER; struct smb2_query_info_rsp *rsp = NULL; void *buffer; -- 2.7.4
Powered by blists - more mailing lists