diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2021-11-30 13:50:47 +0100 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2021-12-16 19:36:49 +0100 |
commit | ef399469d9ceb9f2171cdd79863f9434b9fa3edc (patch) | |
tree | d258ecfcb83c02084077874b5260239fb8d7a46b /fs/ksmbd | |
parent | Linux 5.16-rc5 (diff) | |
download | linux-ef399469d9ceb9f2171cdd79863f9434b9fa3edc.tar.xz linux-ef399469d9ceb9f2171cdd79863f9434b9fa3edc.zip |
ksmbd: fix error code in ndr_read_int32()
This is a failure path and it should return -EINVAL instead of success.
Otherwise it could result in the caller using uninitialized memory.
Fixes: 303fff2b8c77 ("ksmbd: add validation for ndr read/write functions")
Cc: stable@vger.kernel.org # v5.15
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/ksmbd')
-rw-r--r-- | fs/ksmbd/ndr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/ksmbd/ndr.c b/fs/ksmbd/ndr.c index 8317f7ca402b..5052be9261d9 100644 --- a/fs/ksmbd/ndr.c +++ b/fs/ksmbd/ndr.c @@ -148,7 +148,7 @@ static int ndr_read_int16(struct ndr *n, __u16 *value) static int ndr_read_int32(struct ndr *n, __u32 *value) { if (n->offset + sizeof(__u32) > n->length) - return 0; + return -EINVAL; if (value) *value = le32_to_cpu(*(__le32 *)ndr_get_field(n)); |