From: Greg Kroah-Hartman
Date: Sun, 16 Oct 2022 19:49:58 +0000 (+0200)
Subject: 5.19-stable patches
X-Git-Tag: v5.4.219~65
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ea0b390c420405e15155b2088b4ae9b33050c088;p=thirdparty%2Fkernel%2Fstable-queue.git
5.19-stable patches added patches: smb3-must-initialize-two-acl-struct-fields-to-zero.patch
---
diff --git a/queue-5.19/series b/queue-5.19/series
index b71eb3c7a77..4496cb72fa7 100644
--- a/queue-5.19/series
+++ b/queue-5.19/series
@@ -172,3 +172,4 @@ drm-i915-fix-watermark-calculations-for-dg2-ccs-modifiers.patch
 drm-i915-fix-watermark-calculations-for-dg2-ccs-cc-modifier.patch
 drm-amd-display-fix-vblank-refcount-in-vrr-transition.patch
 drm-amd-display-explicitly-disable-psr_feature_enable-appropriately.patch
+smb3-must-initialize-two-acl-struct-fields-to-zero.patch
diff --git a/queue-5.19/smb3-must-initialize-two-acl-struct-fields-to-zero.patch b/queue-5.19/smb3-must-initialize-two-acl-struct-fields-to-zero.patch
new file mode 100644
index 00000000000..0ad84effbbb
--- /dev/null
+++ b/queue-5.19/smb3-must-initialize-two-acl-struct-fields-to-zero.patch
@@ -0,0 +1,40 @@
+From f09bd695af3b8ab46fc24e5d6954a24104c38387 Mon Sep 17 00:00:00 2001
+From: Steve French
+Date: Fri, 14 Oct 2022 18:50:20 -0500
+Subject: smb3: must initialize two ACL struct fields to zero
+
+From: Steve French
+
+commit f09bd695af3b8ab46fc24e5d6954a24104c38387 upstream.
+
+Coverity spotted that we were not initalizing Stbz1 and Stbz2 to
+zero in create_sd_buf.
+
+Addresses-Coverity: 1513848 ("Uninitialized scalar variable")
+Cc:
+Reviewed-by: Paulo Alcantara (SUSE)
+Signed-off-by: Steve French
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/cifs/smb2pdu.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -2410,7 +2410,7 @@ create_sd_buf(umode_t mode, bool set_own
+ unsigned int acelen, acl_size, ace_count;
+ unsigned int owner_offset = 0;
+ unsigned int group_offset = 0;
+- struct smb3_acl acl;
++ struct smb3_acl acl = {};
+
+ *len = roundup(sizeof(struct crt_sd_ctxt) + (sizeof(struct cifs_ace) * 4), 8);
+
+@@ -2483,6 +2483,7 @@ create_sd_buf(umode_t mode, bool set_own
+ acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */
+ acl.AclSize = cpu_to_le16(acl_size);
+ acl.AceCount = cpu_to_le16(ace_count);
++ /* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */
+ memcpy(aclptr, &acl, sizeof(struct smb3_acl));
+
+ buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd);
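Review bot: The `= {}` on `struct smb3_acl acl` has no comment at the declaration, and the only explanation sits about 70 lines further down next to the `memcpy`, so the initializer reads as redundant beside the three explicit field assignments and could be dropped in a later cleanup. Because `memcpy(aclptr, &acl, sizeof(struct smb3_acl))` copies the entire stack object into the security-descriptor buffer, any field left unset would put stale kernel stack bytes into data that is presumably sent to the server, which is worth stating where the variable is declared, e.g. `/* zeroed: Sbz1/Sbz2 are MBZ and the whole struct is memcpy'd into the request */`. The struct definition is not visible here; if it is not packed, padding is copied as well and a `memset` would be the more explicit guarantee. The commit text names the fields `Stbz1`/`Stbz2` while the code comment says `Sbz1`/`Sbz2`, and `create_sd_buf` begins and ends outside both hunks.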