Prior to commit eaf35b1, cifs_save_resume_key had some NULL pointer checks at the top. It turns out that at least one of those NULL pointer checks is needed after all.

When the LastNameOffset in a FIND reply appears to be beyond the end of the buffer, CIFSFindFirst and CIFSFindNext will set srch_inf.last_entry to NULL. Since eaf35b1, the code will now oops in this situation.

This patch just readds the NULL pointer check for file_info in cifs_save_resume_key to prevent the code from oopsing. This should fix:

https://bugzilla.redhat.com/show_bug.cgi?id=750247

Cc: stable@xxxxxxxxxxxxxxx
Cc: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Reported-by: Adam G. Metzler <adamgmetzler@xxxxxxxxx>
Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>

--- fs/cifs/readdir.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c index 5de03ec..4fcb6f5 100644 --- a/fs/cifs/readdir.c +++ b/fs/cifs/readdir.c @@ -483,6 +483,9 @@ static int cifs_save_resume_key(const char *current_entry, struct cifs_dirent de; int rc; + if (!file_info) + return -EINVAL; + rc = cifs_fill_dirent(&de, current_entry, file_info->srch_inf.info_level, file_info->srch_inf.unicode); if (!rc) { -- 1.7.6.4
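
Review bot: the added check at the top of cifs_save_resume_key tests file_info, but the condition described in the commit message is srch_inf.last_entry being set to NULL, and last_entry is a member reached through file_info, so a NULL last_entry does not make file_info NULL. If the caller passes srch_inf.last_entry as the current_entry argument (the call site is not visible in this hunk), the pointer that goes NULL is current_entry, which is handed straight to cifs_fill_dirent after the new check passes. Consider testing both, for example `if (!current_entry || !file_info) return -EINVAL;`, or checking last_entry in the caller before calling this function. It would also help to state in the commit message which argument was observed NULL in the bugzilla oops, so that the stable backport can be verified against the trace.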