Commit e91cd26

cifs: fix underflow in parse_server_interfaces()
jira LE-1907
cve CVE-2024-26828
Rebuild_History Non-Buildable kernel-5.14.0-427.31.1.el9_4
commit-author Dan Carpenter <[email protected]>
commit cffe487

In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.

Fixes: fe856be ("CIFS: parse and store info on iface queries")
Signed-off-by: Dan Carpenter <[email protected]>
Reviewed-by: Shyam Prasad N <[email protected]>
Signed-off-by: Steve French <[email protected]>
(cherry picked from commit cffe487)
Signed-off-by: Jonathan Maple <[email protected]>
1 parent 594c05a commit e91cd26
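
The promotion described in the commit message, shown as an added example that is not part of the commit or the kernel source. It is a simplified model of a record-walking loop: `struct item`, `walk()` and `sample_steps` are hypothetical names, and the step values are constructed.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>   /* ssize_t */

/* Hypothetical 16-byte record standing in for one on-wire entry. */
struct item { unsigned int next; unsigned char pad[12]; };

/* Constructed step sizes: the second one (32) overshoots a 40-byte buffer. */
static const unsigned int sample_steps[4] = { 16, 32, 16, 16 };

/* The mixed signed/unsigned comparison is intentional here; silence the warning. */
#pragma GCC diagnostic ignored "-Wsign-compare"

/*
 * Model of the loop: count how many records get processed.
 * No buffer is dereferenced, so the overshoot is only counted, never read.
 * fixed == 0: bytes_left is converted to size_t, so a negative value
 *             becomes a huge positive one and the loop keeps going.
 * fixed == 1: sizeof() is cast to ssize_t, so the comparison stays signed.
 */
static int walk(ssize_t bytes_left, const unsigned int *steps, int nsteps, int fixed)
{
    int visited = 0;

    for (int i = 0; i < nsteps; i++) {
        int more = fixed ? (bytes_left >= (ssize_t)sizeof(struct item))
                         : (bytes_left >= sizeof(struct item));
        if (!more)
            break;
        visited++;
        bytes_left -= steps[i];   /* may go negative on a bad step size */
    }
    return visited;
}

int main(void)
{
    printf("unsigned compare: %d records processed\n", walk(40, sample_steps, 4, 0));
    printf("signed compare:   %d records processed\n", walk(40, sample_steps, 4, 1));
    return 0;
}
```

Building with `-Wsign-compare` (part of `-Wextra` in C) flags the unfixed comparison at compile time once the pragma is removed.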

1 file changed: +1 -1 lines changed

fs/smb/client/smb2ops.c

Lines changed: 1 addition & 1 deletion
@@ -609,7 +609,7 @@ parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf,
609609
goto out;
610610
}
611611

612-
while (bytes_left >= sizeof(*p)) {
612+
while (bytes_left >= (ssize_t)sizeof(*p)) {
613613
memset(&tmp_iface, 0, sizeof(tmp_iface));
614614
tmp_iface.speed = le64_to_cpu(p->LinkSpeed);
615615
tmp_iface.rdma_capable = le32_to_cpu(p->Capability & RDMA_CAPABLE) ? 1 : 0;
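
Review bot: In the `while` condition at line 612, the `(ssize_t)` cast is the only thing keeping the comparison signed, and nothing in the surrounding lines says why it is there. A one-line comment above the loop noting that `bytes_left` is `ssize_t` and can go negative would keep a later cleanup from dropping the cast. The commit message also refers to "size_left" while the code uses `bytes_left`; it would help to make the two match. This hunk does not show where `bytes_left` is decremented, so any other comparison of it against a `sizeof()` in this function should get the same check.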
