diff options
| author | Sang-Heon Jeon <[email protected]> | 2025-09-23 08:16:45 +0000 |
|---|---|---|
| committer | Steve French <[email protected]> | 2025-09-26 14:45:16 +0000 |
| commit | fbe2dc6a9c7318f7263f5e4d50f6272b931c5756 (patch) | |
| tree | 029479059be1f325fd55d91459eee7ab8386265b /fs | |
| parent | smb: client: handle unlink(2) of files open by different clients (diff) | |
| download | kernel-fbe2dc6a9c7318f7263f5e4d50f6272b931c5756.tar.gz kernel-fbe2dc6a9c7318f7263f5e4d50f6272b931c5756.zip | |
smb: client: fix wrong index reference in smb2_compound_op()
In smb2_compound_op(), the loop that processes each command's response
uses wrong indices when accessing response bufferes.
This incorrect indexing leads to improper handling of command results.
Also, if incorrectly computed index is greather than or equal to
MAX_COMPOUND, it can cause out-of-bounds accesses.
Fixes: 3681c74d342d ("smb: client: handle lack of EA support in smb2_query_path_info()") # 6.14
Reviewed-by: Paulo Alcantara (Red Hat) <[email protected]>
Signed-off-by: Sang-Heon Jeon <[email protected]>
Signed-off-by: Steve French <[email protected]>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/smb/client/smb2inode.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/smb/client/smb2inode.c b/fs/smb/client/smb2inode.c index e32a3f338793..0985db9f86e5 100644 --- a/fs/smb/client/smb2inode.c +++ b/fs/smb/client/smb2inode.c @@ -687,7 +687,7 @@ finished: } for (i = 0; i < num_cmds; i++) { - char *buf = rsp_iov[i + i].iov_base; + char *buf = rsp_iov[i + 1].iov_base; if (buf && resp_buftype[i + 1] != CIFS_NO_BUFFER) rc = server->ops->map_error(buf, false); |