From patchwork Mon May 18 16:55:04 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Layton X-Patchwork-Id: 24600 Received: from lists.samba.org (mail.samba.org [66.70.73.150]) by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n4IGtd9i031406 for ; Mon, 18 May 2009 16:55:39 GMT Received: from dp.samba.org (localhost [127.0.0.1]) by lists.samba.org (Postfix) with ESMTP id AD75C163D5F for ; Mon, 18 May 2009 16:55:11 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on dp.samba.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.8 tests=AWL,BAYES_00, FORGED_RCVD_HELO,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.1.7 X-Original-To: linux-cifs-client@lists.samba.org Delivered-To: linux-cifs-client@lists.samba.org Received: from mx2.redhat.com (mx2.redhat.com [66.187.237.31]) by lists.samba.org (Postfix) with ESMTP id A146A163C33 for ; Mon, 18 May 2009 16:54:44 +0000 (GMT) Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) by mx2.redhat.com (8.13.8/8.13.8) with ESMTP id n4IGtAmc005414; Mon, 18 May 2009 12:55:10 -0400 Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n4IGt6Zl013959; Mon, 18 May 2009 12:55:09 -0400 Received: from localhost.localdomain (vpn-12-198.rdu.redhat.com [10.11.12.198]) by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n4IGt4aB014980; Mon, 18 May 2009 12:55:05 -0400 From: Jeff Layton To: smfrench@gmail.com Date: Mon, 18 May 2009 12:55:04 -0400 Message-Id: <1242665704-9566-1-git-send-email-jlayton@redhat.com> X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 Cc: jmoyer@redhat.com, linux-cifs-client@lists.samba.org Subject: [linux-cifs-client] [PATCH] cifs: fix pointer initialization and checks in cifs_follow_symlink X-BeenThere: linux-cifs-client@lists.samba.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: The Linux CIFS VFS client List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org Errors-To: linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org This is a respin of the patch posted yesterday. It includes a fix for a bogus NULL pointer check that Jeff Moyer spotted. It's possible for CIFSSMBQueryUnixSymLink to return without setting target_path to a valid pointer. If that happens then the current value to which we're initializing this pointer could cause an oops when it's kfree'd. CIFSSMBQueryUnixSymLink also has an incorrect NULL pointer check. Thanks to Jeff Moyer for pointing that out. Reported-by: Jeff Moyer Signed-off-by: Jeff Layton Reviewed-by: Jeff Moyer --- fs/cifs/cifssmb.c | 2 +- fs/cifs/link.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 5759ba5..d062602 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -2475,7 +2475,7 @@ querySymLinkRetry: /* BB FIXME investigate remapping reserved chars here */ *symlinkinfo = cifs_strndup_from_ucs(data_start, count, is_unicode, nls_codepage); - if (!symlinkinfo) + if (!*symlinkinfo) rc = -ENOMEM; } } diff --git a/fs/cifs/link.c b/fs/cifs/link.c index ea9d11e..b103164 100644 --- a/fs/cifs/link.c +++ b/fs/cifs/link.c @@ -110,7 +110,7 @@ cifs_follow_link(struct dentry *direntry, struct nameidata *nd) int rc = -EACCES; int xid; char *full_path = NULL; - char *target_path = ERR_PTR(-ENOMEM); + char *target_path = NULL; struct cifs_sb_info *cifs_sb; struct cifsTconInfo *pTcon;