CIFS: Fix possible buffer corruption in cifs_user_read()

If there was a short read in the middle of the rdata list,
we can end up with a corrupt output buffer.
Signed-off-by: NPavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: NSteve French <smfrench@gmail.com>

fs/cifs/file.c

@@ -3049,7 +3049,9 @@ ssize_t cifs_user_readv(struct kiocb *iocb, struct iov_iter *to)
 			} else {
 				rc = cifs_readdata_to_iov(rdata, to);
 			}
-
+			/* if there was a short read -- discard anything left */
+			if (rdata->got_bytes && rdata->got_bytes < rdata->bytes)
+				rc = -ENODATA;
 		}
 		list_del_init(&rdata->list);
 		kref_put(&rdata->refcount, cifs_uncached_readdata_release);