[3.13.y.z extended stable] Patch "[CIFS] Possible null ptr deref in SMB2_tcon" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Tue Sep 30 21:29:25 UTC 2014


This is a note to let you know that I have just added a patch titled

    [CIFS] Possible null ptr deref in SMB2_tcon

to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue

This patch is scheduled to be released in version 3.13.11.8.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.13.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From a0e20c984f468bf88fc4cfc05658671be490e62d Mon Sep 17 00:00:00 2001
From: Steve French <smfrench at gmail.com>
Date: Sun, 17 Aug 2014 00:22:24 -0500
Subject: [CIFS] Possible null ptr deref in SMB2_tcon

commit 18f39e7be0121317550d03e267e3ebd4dbfbb3ce upstream.

As Raphael Geissert pointed out, tcon_error_exit can dereference tcon
and there is one path in which tcon can be null.

Signed-off-by: Steve French <smfrench at gmail.com>
Reported-by: Raphael Geissert <geissert at debian.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 fs/cifs/smb2pdu.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 63339c5..ec2c0ac 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -916,7 +916,8 @@ tcon_exit:
 tcon_error_exit:
 	if (rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) {
 		cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree);
-		tcon->bad_network_name = true;
+		if (tcon)
+			tcon->bad_network_name = true;
 	}
 	goto tcon_exit;
 }
--
1.9.1





More information about the kernel-team mailing list