| Message ID | e0addd3d-2687-4619-8f47-4d8ff13950a7@stanley.mountain (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [next] smb/client: Prevent error pointer dereference | expand |
merged into cifs-2.6.git for-next On Wed, Nov 20, 2024 at 11:18 AM Dan Carpenter <dan.carpenter@linaro.org> wrote: > > The cifs_sb_tlink() function can return error pointers, but this code > dereferences it before checking for error pointers. Re-order the code > to fix that. > > Fixes: 0f9b6b045bb2 ("fs/smb/client: implement chmod() for SMB3 POSIX Extensions") > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> > --- > fs/smb/client/cifsacl.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c > index c68ad526a4de..ba79aa2107cc 100644 > --- a/fs/smb/client/cifsacl.c > +++ b/fs/smb/client/cifsacl.c > @@ -1592,14 +1592,16 @@ id_mode_to_cifs_acl(struct inode *inode, const char *path, __u64 *pnmode, > struct smb_ntsd *pntsd = NULL; /* acl obtained from server */ > struct smb_ntsd *pnntsd = NULL; /* modified acl to be sent to server */ > struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); > - struct tcon_link *tlink = cifs_sb_tlink(cifs_sb); > + struct tcon_link *tlink; > struct smb_version_operations *ops; > bool mode_from_sid, id_from_sid; > - bool posix = tlink_tcon(tlink)->posix_extensions; > const u32 info = 0; > + bool posix; > > + tlink = cifs_sb_tlink(cifs_sb); > if (IS_ERR(tlink)) > return PTR_ERR(tlink); > + posix = tlink_tcon(tlink)->posix_extensions; > > ops = tlink_tcon(tlink)->ses->server->ops; > > -- > 2.45.2 > >
diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index c68ad526a4de..ba79aa2107cc 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -1592,14 +1592,16 @@ id_mode_to_cifs_acl(struct inode *inode, const char *path, __u64 *pnmode, struct smb_ntsd *pntsd = NULL; /* acl obtained from server */ struct smb_ntsd *pnntsd = NULL; /* modified acl to be sent to server */ struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); - struct tcon_link *tlink = cifs_sb_tlink(cifs_sb); + struct tcon_link *tlink; struct smb_version_operations *ops; bool mode_from_sid, id_from_sid; - bool posix = tlink_tcon(tlink)->posix_extensions; const u32 info = 0; + bool posix; + tlink = cifs_sb_tlink(cifs_sb); if (IS_ERR(tlink)) return PTR_ERR(tlink); + posix = tlink_tcon(tlink)->posix_extensions; ops = tlink_tcon(tlink)->ses->server->ops;
The cifs_sb_tlink() function can return error pointers, but this code dereferences it before checking for error pointers. Re-order the code to fix that. Fixes: 0f9b6b045bb2 ("fs/smb/client: implement chmod() for SMB3 POSIX Extensions") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> --- fs/smb/client/cifsacl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)