From: Greg Kroah-Hartman Date: Sun, 16 Oct 2022 19:49:43 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v5.4.219~67 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7d84b0e3ac7192c633d35616ec1bc2f362006251;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: smb3-must-initialize-two-acl-struct-fields-to-zero.patch
---
diff --git a/queue-5.10/series b/queue-5.10/series
index 143793441e2..bfc4b14152a 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -87,3 +87,4 @@ drm-nouveau-kms-nv140-disable-interlacing.patch
 drm-nouveau-fix-a-use-after-free-in-nouveau_gem_prime_import_sg_table.patch
 drm-i915-fix-watermark-calculations-for-gen12-rc-ccs-modifier.patch
 drm-i915-fix-watermark-calculations-for-gen12-mc-ccs-modifier.patch
+smb3-must-initialize-two-acl-struct-fields-to-zero.patch
diff --git a/queue-5.10/smb3-must-initialize-two-acl-struct-fields-to-zero.patch b/queue-5.10/smb3-must-initialize-two-acl-struct-fields-to-zero.patch
new file mode 100644
index 00000000000..ba23487da09
--- /dev/null
+++ b/queue-5.10/smb3-must-initialize-two-acl-struct-fields-to-zero.patch
@@ -0,0 +1,40 @@
+From f09bd695af3b8ab46fc24e5d6954a24104c38387 Mon Sep 17 00:00:00 2001
+From: Steve French
+Date: Fri, 14 Oct 2022 18:50:20 -0500
+Subject: smb3: must initialize two ACL struct fields to zero
+
+From: Steve French
+
+commit f09bd695af3b8ab46fc24e5d6954a24104c38387 upstream.
+
+Coverity spotted that we were not initalizing Stbz1 and Stbz2 to
+zero in create_sd_buf.
+
+Addresses-Coverity: 1513848 ("Uninitialized scalar variable")
+Cc:
+Reviewed-by: Paulo Alcantara (SUSE)
+Signed-off-by: Steve French
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/cifs/smb2pdu.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -2294,7 +2294,7 @@ create_sd_buf(umode_t mode, bool set_own
+ unsigned int acelen, acl_size, ace_count;
+ unsigned int owner_offset = 0;
+ unsigned int group_offset = 0;
+- struct smb3_acl acl;
++ struct smb3_acl acl = {};
+
+ *len = roundup(sizeof(struct crt_sd_ctxt) + (sizeof(struct cifs_ace) * 4), 8);
+
+@@ -2367,6 +2367,7 @@ create_sd_buf(umode_t mode, bool set_own
+ acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */
+ acl.AclSize = cpu_to_le16(acl_size);
+ acl.AceCount = cpu_to_le16(ace_count);
++ /* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */
+ memcpy(aclptr, &acl, sizeof(struct smb3_acl));
+
+ buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd);
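Review bot: The comment added in the second nested hunk, just before `memcpy(aclptr, &acl, sizeof(struct smb3_acl))`, says the fields are "initialized above" but not why that matters: the memcpy copies the whole on-stack `acl` into the buffer create_sd_buf is building, so before `struct smb3_acl acl = {};` the two reserved fields carried leftover kernel stack contents into that buffer, which presumably goes out in the request. I would word it as `/* Sbz1/Sbz2 must be zero; acl is zeroed at its declaration so no stack bytes reach aclptr */`. The empty initializer zeroes the named members, so it is worth confirming from the struct smb3_acl definition (not visible here) that the layout has no padding; otherwise a memset of the struct would be the safer form. The commit message also spells the fields "Stbz1 and Stbz2" while the code comment uses Sbz1 and Sbz2. create_sd_buf starts and ends outside both nested hunks.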