cifs: fix underflow in parse_server_interfaces()

[ Upstream commit cffe487026be13eaf37ea28b783d9638ab147204 ] In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending. Fixes: fe856be475f7 ("CIFS: parse and store info on iface queries") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Shyam Prasad N <sprasad@microsoft.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Dan Carpenter <dan.carpenter@linaro.org> 2024-02-08 13:18:46 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-02-23 09:24:58 +0100
commit: f7ff1c89fb6e9610d2b01c1821727729e6609308 (patch)
tree: 61b44020cd3fe60fc521c6fa24c7fca9f31ce8c4 /fs/smb/client/smb2ops.c
parent: e7f744f6f420f116d6743d42d0bd2c25cf93f542 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index e33ed0fbc318..5850f861e7e1 100644
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -619,7 +619,7 @@ parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf,
 		goto out;
 	}
 
-	while (bytes_left >= sizeof(*p)) {
+	while (bytes_left >= (ssize_t)sizeof(*p)) {
 		memset(&tmp_iface, 0, sizeof(tmp_iface));
 		tmp_iface.speed = le64_to_cpu(p->LinkSpeed);
 		tmp_iface.rdma_capable = le32_to_cpu(p->Capability & RDMA_CAPABLE) ? 1 : 0;
author	Dan Carpenter <dan.carpenter@linaro.org>	2024-02-08 13:18:46 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-02-23 09:24:58 +0100
commit	f7ff1c89fb6e9610d2b01c1821727729e6609308 (patch)
tree	61b44020cd3fe60fc521c6fa24c7fca9f31ce8c4 /fs/smb/client/smb2ops.c
parent	e7f744f6f420f116d6743d42d0bd2c25cf93f542 (diff)