summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNamjae Jeon <linkinjeon@kernel.org>2023-09-21 15:37:06 +0900
committerSteve French <stfrench@microsoft.com>2023-09-21 14:41:06 -0500
commit73f949ea87c7d697210653501ca21efe57295327 (patch)
tree3456982d347b855ca404ce17f1a653da9151dc50
parentf2f11fca5d7112e2f91c4854cddd68a059fdaa4a (diff)
ksmbd: check iov vector index in ksmbd_conn_write()
If ->iov_idx is zero, This means that the iov vector for the response was not added during the request process. In other words, it means that there is a problem in generating a response, So this patch return as an error to avoid NULL pointer dereferencing problem. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
-rw-r--r--fs/smb/server/connection.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/smb/server/connection.c b/fs/smb/server/connection.c
index 0d990c2f33cd..db7fa704a3f6 100644
--- a/fs/smb/server/connection.c
+++ b/fs/smb/server/connection.c
@@ -197,6 +197,9 @@ int ksmbd_conn_write(struct ksmbd_work *work)
if (work->send_no_response)
return 0;
+ if (!work->iov_idx)
+ return -EINVAL;
+
ksmbd_conn_lock(conn);
sent = conn->transport->ops->writev(conn->transport, work->iov,
work->iov_cnt,