]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
smb3: fix possible access to uninitialized pointer to DACL
authorSteve French <stfrench@microsoft.com>
Tue, 22 Jun 2021 22:54:50 +0000 (17:54 -0500)
committerSteve French <stfrench@microsoft.com>
Thu, 24 Jun 2021 00:26:40 +0000 (19:26 -0500)
dacl_ptr can be null so we must check for it everywhere it is
used in build_sec_desc.

Addresses-Coverity: 1475598 ("Explicit null dereference")
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/cifs/cifsacl.c

index 5ec5d9d24032b30a9f54145ade760611fc428d96..388eb536cff15967ba64c12ab017a68ae9cdd72d 100644 (file)
@@ -1294,7 +1294,7 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
                ndacl_ptr = (struct cifs_acl *)((char *)pnntsd + ndacloffset);
                ndacl_ptr->revision =
                        dacloffset ? dacl_ptr->revision : cpu_to_le16(ACL_REVISION);
-               ndacl_ptr->num_aces = dacl_ptr->num_aces;
+               ndacl_ptr->num_aces = dacl_ptr ? dacl_ptr->num_aces : 0;
 
                if (uid_valid(uid)) { /* chown */
                        uid_t id;