[PATCH] cifs: potential NULL dereference in parse_DFS_referrals()
Steve French
smfrench at gmail.com
Mon Aug 31 09:20:52 MDT 2009
You are right that we need to do the null check but it needs to be one line
higher since the UCS conversion function does not check in the unlikely
event that the target path is null. I moved the check up one line and
committed.
On Mon, Aug 31, 2009 at 8:28 AM, Roel Kluin <roel.kluin at gmail.com> wrote:
> allocation may fail, prevent a NULL dereference.
>
> Signed-off-by: Roel Kluin <roel.kluin at gmail.com>
> ---
> diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
> index b195773..7ea3240 100644
> --- a/fs/cifs/cifssmb.c
> +++ b/fs/cifs/cifssmb.c
> @@ -3963,6 +3963,10 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP
> *pSMBr,
> GFP_KERNEL);
> cifsConvertToUCS((__le16 *) tmp, searchName,
> PATH_MAX, nls_codepage, remap);
> + if (tmp == NULL) {
> + rc = -ENOMEM;
> + goto parse_DFS_referrals_exit;
> + }
> node->path_consumed = cifs_ucs2_bytes(tmp,
> le16_to_cpu(pSMBr->PathConsumed),
> nls_codepage);
>
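Review bot: The added `if (tmp == NULL)` check is placed after the `cifsConvertToUCS((__le16 *) tmp, searchName, ...)` call, which already takes `tmp` as its target buffer, so a failed allocation is still handed to the conversion before the check runs. Move the check up so that it directly follows the allocation ending in `GFP_KERNEL);` and precedes the conversion call. The `rc = -ENOMEM;` and `goto parse_DFS_referrals_exit;` handling can stay as written.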
--
Thanks,
Steve