From: Ian Kent <raven@themaw.net>
To: Jesper Juhl <jj@chaosbits.net>
Cc: autofs@linux.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] autofs4: Do not potentially dereference NULL pointer returned by fget() in autofs_dev_ioctl_setpipefd()
Date: Tue, 28 Dec 2010 10:36:13 +0800
Message-ID: <1293503773.5923.3.camel@perseus>
In-Reply-To: <alpine.LNX.2.00.1012182238560.17400@swampdragon.chaosbits.net>

On Sat, 2010-12-18 at 22:43 +0100, Jesper Juhl wrote:
> Hi,
>
> In fs/autofs4/dev-ioctl.c::autofs_dev_ioctl_setpipefd() we call fget(),
> which may return NULL, but we do not explicitly test for that NULL return
> so we may end up dereferencing a NULL pointer - bad.
>
> When I originally submitted this patch I had chosen EBUSY as the return
> value to use if this happens. Ian Kent was kind enough to explain why that
> would most likely be wrong and why EBADF should most likely be used
> instead. This version of the patch uses EBADF.
>
>
> Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Ian Kent <raven@themaw.net>
> ---
> dev-ioctl.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c
> index eff9a41..a650d7e 100644
> --- a/fs/autofs4/dev-ioctl.c
> +++ b/fs/autofs4/dev-ioctl.c
> @@ -372,6 +372,10 @@ static int autofs_dev_ioctl_setpipefd(struct file *fp,
> return -EBUSY;
> } else {
> struct file *pipe = fget(pipefd);
> + if (!pipe) {
> + err = -EBADF;
> + goto out;
> + }
> if (!pipe->f_op || !pipe->f_op->write) {
> err = -EPIPE;
> fput(pipe);
>
>
>
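
Review bot: The new `if (!pipe)` branch exits through `goto out`, but the `out` label lies outside this hunk's context, while the branch directly above exits with a plain `return -EBUSY`. Please confirm that `out` only undoes state that is actually held at this point. Skipping `fput()` on this path is correct, since there is no reference to drop when `fget()` returned NULL. As a style point, leave a blank line between the declaration `struct file *pipe = fget(pipefd);` and the new check.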