cifsd: add the check if nvec is zero

Dan Carpenter pointed out that memory can be corrupted when nvec is zero. This patch add the check to prevent it. Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
author: Namjae Jeon <namjae.jeon@samsung.com> 2021-05-26 15:31:37 +0900
committer: Namjae Jeon <namjae.jeon@samsung.com> 2021-05-26 18:12:33 +0900
commit: 41a7848a01b3f4401b8b87815e643584b86895f2 (patch)
tree: 90328da7697f4c7b45eceb5c3139ab6f9fe6646d /fs/cifsd/auth.c
parent: cifsd: never return 1 on failure (diff)
download: wireguard-linux-41a7848a01b3f4401b8b87815e643584b86895f2.tar.xz
wireguard-linux-41a7848a01b3f4401b8b87815e643584b86895f2.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c
index 7e56966f87d4..9f957c8c123c 100644
--- a/fs/cifsd/auth.c
+++ b/fs/cifsd/auth.c
@@ -1172,6 +1172,9 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec,
 	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24;
 	int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0;
 
+	if (!nvec)
+		return NULL;
+
 	for (i = 0; i < nvec - 1; i++) {
 		unsigned long kaddr = (unsigned long)iov[i + 1].iov_base;
author	Namjae Jeon <namjae.jeon@samsung.com>	2021-05-26 15:31:37 +0900
committer	Namjae Jeon <namjae.jeon@samsung.com>	2021-05-26 18:12:33 +0900
commit	41a7848a01b3f4401b8b87815e643584b86895f2 (patch)
tree	90328da7697f4c7b45eceb5c3139ab6f9fe6646d /fs/cifsd/auth.c
parent	cifsd: never return 1 on failure (diff)
download	wireguard-linux-41a7848a01b3f4401b8b87815e643584b86895f2.tar.xz wireguard-linux-41a7848a01b3f4401b8b87815e643584b86895f2.zip