cifs: prevent integer overflow in nxt_dir_entry()
authorDan Carpenter <dan.carpenter@oracle.com>
Thu, 6 Sep 2018 09:47:51 +0000 (12:47 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 26 Sep 2018 06:38:08 +0000 (08:38 +0200)
commit20c8102b322efc8a6f206714a1e0e5db1817aef6
tree72fd237db20690ff56e1ad6257e9620a7157248a
parent334902cfd93895076539d645e6615c525af8345f
cifs: prevent integer overflow in nxt_dir_entry()

commit 8ad8aa353524d89fa2e09522f3078166ff78ec42 upstream.

The "old_entry + le32_to_cpu(pDirInfo->NextEntryOffset)" can wrap
around so I have added a check for integer overflow.

Reported-by: Dr Silvio Cesare of InfoSect <silvio.cesare@gmail.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/cifs/readdir.c