From: Greg Kroah-Hartman Date: Sun, 16 Oct 2022 19:49:52 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v5.4.219~66 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a893c137feb292a36c3da0b9df61ff34a65d4d64;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: smb3-must-initialize-two-acl-struct-fields-to-zero.patch --- diff --git a/queue-5.15/series b/queue-5.15/series index 61c8bedef23..24cb475139d 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -131,3 +131,4 @@ drm-i915-fix-watermark-calculations-for-gen12-rc-ccs-modifier.patch drm-i915-fix-watermark-calculations-for-gen12-mc-ccs-modifier.patch drm-i915-fix-watermark-calculations-for-gen12-ccs-cc-modifier.patch drm-amd-display-fix-vblank-refcount-in-vrr-transition.patch +smb3-must-initialize-two-acl-struct-fields-to-zero.patch diff --git a/queue-5.15/smb3-must-initialize-two-acl-struct-fields-to-zero.patch b/queue-5.15/smb3-must-initialize-two-acl-struct-fields-to-zero.patch new file mode 100644 index 00000000000..3f39843d1ed --- /dev/null +++ b/queue-5.15/smb3-must-initialize-two-acl-struct-fields-to-zero.patch @@ -0,0 +1,40 @@ +From f09bd695af3b8ab46fc24e5d6954a24104c38387 Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Fri, 14 Oct 2022 18:50:20 -0500 +Subject: smb3: must initialize two ACL struct fields to zero + +From: Steve French + +commit f09bd695af3b8ab46fc24e5d6954a24104c38387 upstream. + +Coverity spotted that we were not initalizing Stbz1 and Stbz2 to +zero in create_sd_buf. + +Addresses-Coverity: 1513848 ("Uninitialized scalar variable") +Cc: +Reviewed-by: Paulo Alcantara (SUSE) +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/cifs/smb2pdu.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -2354,7 +2354,7 @@ create_sd_buf(umode_t mode, bool set_own + unsigned int acelen, acl_size, ace_count; + unsigned int owner_offset = 0; + unsigned int group_offset = 0; +- struct smb3_acl acl; ++ struct smb3_acl acl = {}; + + *len = roundup(sizeof(struct crt_sd_ctxt) + (sizeof(struct cifs_ace) * 4), 8); + +@@ -2427,6 +2427,7 @@ create_sd_buf(umode_t mode, bool set_own + acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */ + acl.AclSize = cpu_to_le16(acl_size); + acl.AceCount = cpu_to_le16(ace_count); ++ /* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */ + memcpy(aclptr, &acl, sizeof(struct smb3_acl)); + + buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd);