ksmbd: fix error code in ndr_read_int32()

This is a failure path and it should return -EINVAL instead of success. Otherwise it could result in the caller using uninitialized memory. Fixes: 303fff2b ("ksmbd: add validation for ndr read/write functions") Cc: stable@vger.kernel.org # v5.15 Acked-by: N Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Steve French <stfrench@microsoft.com>

ksmbd: fix error code in ndr_read_int32()
This is a failure path and it should return -EINVAL instead of success. Otherwise it could result in the caller using uninitialized memory. Fixes: 303fff2b ("ksmbd: add validation for ndr read/write functions") Cc: stable@vger.kernel.org # v5.15 Acked-by: N Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Steve French <stfrench@microsoft.com>
ef399469 · Dan Carpenter · Steve French · 2585cf9d · ef399469
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

fs/ksmbd/ndr.c fs/ksmbd/ndr.c +1 -1

未找到文件。
--- a/fs/ksmbd/ndr.c
+++ b/fs/ksmbd/ndr.c
@@ -148,7 +148,7 @@ static int ndr_read_int16(struct ndr *n, __u16 *value)
 static int ndr_read_int32(struct ndr *n, __u32 *value)
 {
 	if (n->offset + sizeof(__u32) > n->length)
-		return 0;
+		return -EINVAL;

 	if (value)
 		*value = le32_to_cpu(*(__le32 *)ndr_get_field(n));