Hello Jeff Layton, The patch 04febabcf55b: "cifs: sanitize username handling" from Jan 17, 2012, leads to the following static checker warning: fs/cifs/connect.c:2231 match_session() error: we previously assumed 'vol->username' could be null (see line 2228) fs/cifs/connect.c 2219 /* NULL username means anonymous session */ 2220 if (ses->user_name == NULL) { 2221 if (!vol->nullauth) 2222 return 0; 2223 break; 2224 } 2225 2226 /* anything else takes username/password */ 2227 if (strncmp(ses->user_name, 2228 vol->username ? vol->username : "", ^^^^^^^^^^^^^ We added this check for vol->username here. 2229 CIFS_MAX_USERNAME_LEN)) 2230 return 0; 2231 if (strlen(vol->username) != 0 && ^^^^^^^^^^^^^ But this dereference is not checked. 2232 ses->password != NULL && 2233 strncmp(ses->password, 2234 vol->password ? vol->password : "", 2235 CIFS_MAX_PASSWORD_LEN)) 2236 return 0; regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html