* [PATCH] cifs: cifssmb: Fix potential NULL pointer dereference
@ 2018-04-03 20:55 Gustavo A. R. Silva
2018-04-03 21:02 ` Gustavo A. R. Silva
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo A. R. Silva @ 2018-04-03 20:55 UTC (permalink / raw)
To: Ronnie Sahlberg, Steve French
Cc: linux-cifs, samba-technical, linux-kernel, Gustavo A. R. Silva
tcon->ses is being dereferenced before it is null checked, hence
there is a potential null pointer dereference.
Fix this by moving the pointer dereference after tcon->ses has
been properly null checked.
Addresses-Coverity-ID: 1467426 ("Dereference before null check")
Fixes: 93012bf98416 ("cifs: add server->vals->header_preamble_size")
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
---
fs/cifs/smb2pdu.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index f7741ce..e5ac474 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -3454,7 +3454,7 @@ static int
build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, int level,
int outbuf_len, u64 persistent_fid, u64 volatile_fid)
{
- struct TCP_Server_Info *server = tcon->ses->server;
+ struct TCP_Server_Info *server;
int rc;
struct smb2_query_info_req *req;
unsigned int total_len;
@@ -3464,6 +3464,8 @@ build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, int level,
if ((tcon->ses == NULL) || (tcon->ses->server == NULL))
return -EIO;
+ server = tcon->ses->server;
+
rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, (void **) &req,
&total_len);
if (rc)
--
2.7.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] cifs: cifssmb: Fix potential NULL pointer dereference
2018-04-03 20:55 [PATCH] cifs: cifssmb: Fix potential NULL pointer dereference Gustavo A. R. Silva
@ 2018-04-03 21:02 ` Gustavo A. R. Silva
0 siblings, 0 replies; 2+ messages in thread
From: Gustavo A. R. Silva @ 2018-04-03 21:02 UTC (permalink / raw)
To: Gustavo A. R. Silva, Ronnie Sahlberg, Steve French
Cc: linux-cifs, samba-technical, linux-kernel
Hi,
I noticed the subject was incorrect. Drop this patch, please.
I just sent v2.
Thanks
--
Gustavo
On 04/03/2018 03:55 PM, Gustavo A. R. Silva wrote:
> tcon->ses is being dereferenced before it is null checked, hence
> there is a potential null pointer dereference.
>
> Fix this by moving the pointer dereference after tcon->ses has
> been properly null checked.
>
> Addresses-Coverity-ID: 1467426 ("Dereference before null check")
> Fixes: 93012bf98416 ("cifs: add server->vals->header_preamble_size")
> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
> ---
> fs/cifs/smb2pdu.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index f7741ce..e5ac474 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -3454,7 +3454,7 @@ static int
> build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, int level,
> int outbuf_len, u64 persistent_fid, u64 volatile_fid)
> {
> - struct TCP_Server_Info *server = tcon->ses->server;
> + struct TCP_Server_Info *server;
> int rc;
> struct smb2_query_info_req *req;
> unsigned int total_len;
> @@ -3464,6 +3464,8 @@ build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, int level,
> if ((tcon->ses == NULL) || (tcon->ses->server == NULL))
> return -EIO;
>
> + server = tcon->ses->server;
> +
> rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, (void **) &req,
> &total_len);
> if (rc)
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-04-03 21:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-04-03 20:55 [PATCH] cifs: cifssmb: Fix potential NULL pointer dereference Gustavo A. R. Silva
2018-04-03 21:02 ` Gustavo A. R. Silva
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.