| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2811951.1684766430@warthog.procyon.org.uk>
Date: Mon, 22 May 2023 15:40:30 +0100
From: David Howells <dhowells@...hat.com>
To: Shyam Prasad N <sprasad@...rosoft.com>
cc: dhowells@...hat.com, Steve French <smfrench@...il.com>,
Rohith Surabattula <rohiths.msft@...il.com>,
Paulo Alcantara <pc@...guebit.com>,
Tom Talpey <tom@...pey.com>, Jeff Layton <jlayton@...nel.org>,
linux-cifs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] cifs: Fix cifs_limit_bvec_subset() to correctly check the maxmimum size
Fix cifs_limit_bvec_subset() so that it limits the span to the maximum
specified and won't return with a size greater than max_size.
Fixes: d08089f649a0 ("cifs: Change the I/O paths to use an iterator rather than a page list")
Reported-by: Shyam Prasad N <sprasad@...rosoft.com>
Signed-off-by: David Howells <dhowells@...hat.com>
cc: Steve French <smfrench@...il.com>
cc: Rohith Surabattula <rohiths.msft@...il.com>
cc: Paulo Alcantara <pc@...guebit.com>
cc: Tom Talpey <tom@...pey.com>
cc: Jeff Layton <jlayton@...nel.org>
cc: linux-cifs@...r.kernel.org
cc: linux-fsdevel@...r.kernel.org
---
fs/cifs/file.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index ba7f2e09d6c8..4778614cfccf 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -3353,6 +3353,7 @@ static size_t cifs_limit_bvec_subset(const struct iov_iter *iter, size_t max_siz
while (n && ix < nbv) {
len = min3(n, bvecs[ix].bv_len - skip, max_size);
span += len;
+ max_size -= len;
nsegs++;
ix++;
if (span >= max_size || nsegs >= max_segs)
Powered by blists - more mailing lists