You are right that we need to do the null check, but it needs to be one line higher, since the UCS conversion function does not check in the unlikely event that the target path is null. I moved the check up one line and committed.
On Mon, Aug 31, 2009 at 8:28 AM, Roel Kluin
<roel.kluin@...> wrote:
Allocation may fail; prevent a NULL dereference.
Signed-off-by: Roel Kluin <roel.kluin@...>
---
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index b195773..7ea3240 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -3963,6 +3963,10 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
GFP_KERNEL);
cifsConvertToUCS((__le16 *) tmp, searchName,
PATH_MAX, nls_codepage, remap);
+ if (tmp == NULL) {
+ rc = -ENOMEM;
+ goto parse_DFS_referrals_exit;
+ }
node->path_consumed = cifs_ucs2_bytes(tmp,
le16_to_cpu(pSMBr->PathConsumed),
nls_codepage);
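Review bot: the added "if (tmp == NULL)" test sits after the cifsConvertToUCS((__le16 *) tmp, searchName, ...) call, so a failed allocation has already been handed to the conversion routine as its destination buffer before it is tested. Move the check up so it follows the allocation that ends in "GFP_KERNEL);" and precedes the conversion, so that the -ENOMEM path is taken before tmp is used at all. The parse_DFS_referrals_exit label is not visible in this hunk, so it is also worth confirming that jumping there from inside the referral parsing releases whatever was allocated for earlier nodes.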
--
Thanks,
Steve
_______________________________________________
linux-cifs-client mailing list
linux-cifs-client@...
https://lists.samba.org/mailman/listinfo/linux-cifs-client