Commit b8fc94cd authored Jul 07, 2021 by Namjae Jeon

ksmbd: fix read on the uninitialized send_ctx



If st->status is not SMB_DIRECT_CS_CONNECTED, It will jump done label
and accessing the uninitialized send_ctxi by smb_direct_flush_send_list
will cause kernel oops. This patch just return -ENOTCONN to avoid it.

Reported-by: Coverity Scan <scan-admin@coverity.com>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

parent 6cfbcf2f

fs/ksmbd/transport_rdma.c

+2 −4

Original line number	Diff line number	Diff line
		@@ -1207,10 +1207,8 @@ static int smb_direct_writev(struct ksmbd_transport *t,
		struct kvec vec;
		struct smb_direct_send_ctx send_ctx;

		if (st->status != SMB_DIRECT_CS_CONNECTED) {
		ret = -ENOTCONN;
		goto done;
		}
		if (st->status != SMB_DIRECT_CS_CONNECTED)
		return -ENOTCONN;

		//FIXME: skip RFC1002 header..
		buflen -= 4;