Re: [PATCH][next] cifsd: Fix a less than zero comparison with the unsigned int nbytes
From: Namjae Jeon
Date: Thu Oct 07 2021 - 08:51:11 EST
2021-10-07 21:37 GMT+09:00, Namjae Jeon <linkinjeon@xxxxxxxxxx>:
> 2021-10-07 20:47 GMT+09:00, Colin King <colin.king@xxxxxxxxxxxxx>:
>> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>>
>> Currently the check for nbytes < 0 is always false because nbytes
>> is an unsigned int and can never be less than zero. Fix this by
>> using ret for the assignment and comparison and assigning nbytes
>> to ret later if the check is successful. The fix also passes the
>> error return in ret to the error handling path that caters for
>> various values of ret.
>>
>> Addresses-Coverity: ("Unsigned compared against 0")
>> Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
> I think that this alarm is caused by b66732021c64 (ksmbd: add
> validation in smb2_ioctl).
> Fixes tag may be not needed. Because b66732021c64 patch is not applied
> to Linus' tree yet ?
>> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> Acked-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
I found one issue in this patch.
if ret is -EINVAL, Status is changed to STATUS_INVALID_PARAMETER from
STATUS_BUFFER_TOO_SMALL.
static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn,
struct smb2_ioctl_rsp *rsp,
unsigned int out_buf_len)
...
if (!nbytes) {
rsp->hdr.Status = STATUS_BUFFER_TOO_SMALL;
return -EINVAL;
}
>
> Thanks!
>