
From: Marios Makassikis <mmakassikis@freebox.fr>
mainline inclusion
from mainline-5.15-rc1
commit e6b1059ffaeac794bf1a76fd35947c7c6ac4cb57
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G
CVE: NA
Reference: https://git.kernel.org/torvalds/linux/c/e6b1059ffaea
-------------------------------
Fix potential null-ptr-deref in smb2_open().
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Zhong Jinghua <zhongjinghua@huawei.com>
---
 fs/cifsd/smb2pdu.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c
index 1ff0b20ff7b8..ba552b8f2127 100644
--- a/fs/cifsd/smb2pdu.c
+++ b/fs/cifsd/smb2pdu.c
@@ -2918,13 +2918,16 @@ int smb2_open(struct ksmbd_work *work)
 fattr.cf_gid = inode->i_gid;
 fattr.cf_mode = inode->i_mode;
 fattr.cf_dacls = NULL;
+ ace_num = 0;
 fattr.cf_acls = ksmbd_vfs_get_acl(inode, ACL_TYPE_ACCESS);
- ace_num = fattr.cf_acls->a_count;
+ if (fattr.cf_acls)
+ ace_num = fattr.cf_acls->a_count;
 if (S_ISDIR(inode->i_mode)) {
 fattr.cf_dacls = ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT);
- ace_num += fattr.cf_dacls->a_count;
+ if (fattr.cf_dacls)
+ ace_num += fattr.cf_dacls->a_count;
 }
 pntsd = kmalloc(sizeof(struct smb_ntsd) +
-- 
2.31.1
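Review bot: The added `if (fattr.cf_acls)` and `if (fattr.cf_dacls)` tests cover only a NULL return, so if ksmbd_vfs_get_acl() can hand back an error-encoded pointer (its body is not visible here, but VFS ACL getters can return ERR_PTR values), that pointer passes the test and `->a_count` is still dereferenced. Normalizing right after each call, e.g. `if (IS_ERR(fattr.cf_acls)) fattr.cf_acls = NULL;` and the same for `fattr.cf_dacls`, would also keep an error pointer away from whatever later consumes or releases these fields. With both ACLs absent `ace_num` is now 0, and the `kmalloc(sizeof(struct smb_ntsd) + ...` size expression is cut off by the hunk, so it is worth confirming that the code filling `pntsd` accepts NULL `cf_acls`/`cf_dacls` and a zero ACE count. smb2_open() starts and ends outside this hunk.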