From: Namjae Jeon <namjae.jeon@samsung.com> mainline inclusion from mainline-5.15-rc1 commit 41a7848a01b3f4401b8b87815e643584b86895f2 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA Reference: https://git.kernel.org/torvalds/linux/c/41a7848a01b3 ------------------------------- Dan Carpenter pointed out that memory can be corrupted when nvec is zero. This patch add the check to prevent it. Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Jason Yan <yanaijie@huawei.com> Signed-off-by: Zhong Jinghua <zhongjinghua@huawei.com> --- fs/cifsd/auth.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/cifsd/auth.c b/fs/cifsd/auth.c index 7e56966f87d4..9f957c8c123c 100644 --- a/fs/cifsd/auth.c +++ b/fs/cifsd/auth.c @@ -1172,6 +1172,9 @@ static struct scatterlist *ksmbd_init_sg(struct kvec *iov, unsigned int nvec, unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24; int i, nr_entries[3] = {0}, total_entries = 0, sg_idx = 0; + if (!nvec) + return NULL; + for (i = 0; i < nvec - 1; i++) { unsigned long kaddr = (unsigned long)iov[i + 1].iov_base; -- 2.31.1