From: Marios Makassikis mmakassikis@freebox.fr
mainline inclusion from mainline-5.15-rc1 commit e6b1059ffaeac794bf1a76fd35947c7c6ac4cb57 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA
Reference: https://git.kernel.org/torvalds/linux/c/e6b1059ffaea
-------------------------------
Fix potential null-ptr-deref in smb2_open().
Signed-off-by: Marios Makassikis mmakassikis@freebox.fr Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/cifsd/smb2pdu.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index 1ff0b20ff7b8..ba552b8f2127 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -2918,13 +2918,16 @@ int smb2_open(struct ksmbd_work *work) fattr.cf_gid = inode->i_gid; fattr.cf_mode = inode->i_mode; fattr.cf_dacls = NULL; + ace_num = 0;
fattr.cf_acls = ksmbd_vfs_get_acl(inode, ACL_TYPE_ACCESS); - ace_num = fattr.cf_acls->a_count; + if (fattr.cf_acls) + ace_num = fattr.cf_acls->a_count; if (S_ISDIR(inode->i_mode)) { fattr.cf_dacls = ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT); - ace_num += fattr.cf_dacls->a_count; + if (fattr.cf_dacls) + ace_num += fattr.cf_dacls->a_count; }
pntsd = kmalloc(sizeof(struct smb_ntsd) +