[linux-cifs-client] NULL deref cifs_unlink()

Dan Carpenter error27 at gmail.com
Wed Feb 25 09:25:18 GMT 2009


This is from fs/cifs/inode.c.

attrs is only allocated on line 1011 and then it hits the goto 
retry_std_delete.  So on line 1035 it is always NULL and 
cifs_set_file_info() dereferences it without checking.

1030                 goto retry_std_delete;
1031         }
1032
1033         /* undo the setattr if we errored out and it's needed */
1034         if (rc != 0 && dosattr != 0)
1035                 cifs_set_file_info(inode, attrs, xid, full_path, origattr);
1036
1037 out_reval:

regards,
dan carpenter
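
As an added example (not part of Dan's report or of the kernel source), a constructed C model of the pattern the report describes: a pointer allocated on only one path and then used by a shared undo block, with the unguarded condition beside a guarded one. All names here (set_file_info, unlink_model, server_attrs, the flag parameters) are hypothetical stand-ins, and the retry flow is a simplification, not the logic of fs/cifs/inode.c.

```c
#include <stdlib.h>
/* Constructed model of the pattern in the report: a pointer allocated on only
 * one path, then used in a shared undo block. Names are hypothetical stand-ins,
 * not the kernel's cifs functions. */
#define ATTR_READONLY 0x01
#define ATTR_HIDDEN   0x02
#define NULL_DEREF    1000   /* returned when the undo block hit a NULL attrs */

struct fattr { unsigned int dos; };
static unsigned int server_attrs;   /* the file's DOS attributes on the server */
static int null_deref;              /* set instead of faulting on NULL */

/* Stand-in for cifs_set_file_info(): writes through attrs, so NULL would fault
 * in the kernel; the model records that instead of crashing. */
static int set_file_info(struct fattr *attrs, unsigned int dos)
{
    if (!attrs) { null_deref = 1; return -1; }
    attrs->dos = server_attrs = dos;
    return 0;
}

/* Stand-in for cifs_unlink(). fail_delete: server answers EACCES; fail_alloc:
 * the attrs allocation returns NULL; guarded == 0 keeps the undo condition from
 * the report, guarded == 1 additionally requires attrs != NULL. */
int unlink_model(int fail_delete, int fail_alloc, int guarded)
{
    struct fattr *attrs = NULL;
    unsigned int dosattr = 0, origattr = 0;
    int rc;
    server_attrs = ATTR_READONLY;
    null_deref = 0;
retry_std_delete:
    rc = fail_delete ? -13 : 0;                      /* -EACCES */
    if (rc == -13 && dosattr == 0) {                 /* first failure: retry */
        origattr = server_attrs;
        dosattr = (origattr & ~ATTR_READONLY) | ATTR_HIDDEN;
        attrs = fail_alloc ? NULL : calloc(1, sizeof(*attrs));
        if (attrs && set_file_info(attrs, dosattr) == 0)
            goto retry_std_delete;
        rc = attrs ? -1 : -12;                       /* -ENOMEM if NULL */
    }
    /* undo the setattr if we errored out and it's needed */
    if (rc != 0 && dosattr != 0 && (!guarded || attrs))
        set_file_info(attrs, origattr);
    free(attrs);
    return null_deref ? NULL_DEREF : rc;
}
```

With the unguarded condition, an allocation failure reaches the undo block with attrs still NULL; adding the attrs check to the condition is the defensive fix this model exercises.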
