If the condition 'ecryptfs_file_to_private(file)' takes false branch lower_file is dereferenced when NULL. Caught by Coverity: CIDs 1128834 and 1128833. Signed-off-by: Geyslan G. Bem <geyslan@xxxxxxxxx> --- fs/ecryptfs/file.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c index 2229a74..1c0403a 100644 --- a/fs/ecryptfs/file.c +++ b/fs/ecryptfs/file.c @@ -316,10 +316,12 @@ ecryptfs_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg) struct file *lower_file = NULL; long rc = -ENOTTY; - if (ecryptfs_file_to_private(file)) - lower_file = ecryptfs_file_to_lower(file); + if (!ecryptfs_file_to_private(file)) + goto out; + lower_file = ecryptfs_file_to_lower(file); if (lower_file->f_op->unlocked_ioctl) rc = lower_file->f_op->unlocked_ioctl(lower_file, cmd, arg); +out: return rc; } @@ -330,10 +332,12 @@ ecryptfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) struct file *lower_file = NULL; long rc = -ENOIOCTLCMD; - if (ecryptfs_file_to_private(file)) - lower_file = ecryptfs_file_to_lower(file); + if (!ecryptfs_file_to_private(file)) + goto out; + lower_file = ecryptfs_file_to_lower(file); if (lower_file->f_op && lower_file->f_op->compat_ioctl) rc = lower_file->f_op->compat_ioctl(lower_file, cmd, arg); +out: return rc; } #endif -- 1.8.4.2 -- To unsubscribe from this list: send the line "unsubscribe ecryptfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
