just changed the one place you noted (to keep the patch smaller) - see attached.
On Wed, Jun 23, 2021 at 9:17 AM Steve French <smfrench@xxxxxxxxx> wrote:
>
> On Wed, Jun 23, 2021 at 6:41 AM Aurélien Aptel <aaptel@xxxxxxxx> wrote:
> >
> > Steve French <smfrench@xxxxxxxxx> writes:
> >
> > > smb3: fix possible access to uninitialized pointer to DACL
> > >
> > > dacl_ptr can be null so we must check for it (ie if dacloffset is
> > > set) everywhere dacl_ptr is
> > > used in build_sec_desc - and we were missing one check
> > >
> > > Addresses-Coverity: 1475598 ("Explicit null dereference")
> >
> > Looks OK since dacl_ptr is only set if dacloffset is set but it would
> > be clearer if you check for dacl_ptr directly no? Any reason you are
> > checking this way?
> >
> > I think this is clearer, unless I'm missing something:
> >
> > ndacl_ptr->num_aces = dacl_ptr ? dacl_ptr->num_aces : 0;
>
> I agree that your suggestion is clearer but I was trying to match the
> existing checks in the same code.
> Will change both to your suggestion which is clearer.
>
>
> > >
> > >
> > > --
> > > Thanks,
> > >
> > > Steve
> > > From ec06cb04376e5abc927a9b85dd768ce8728965bb Mon Sep 17 00:00:00 2001
> > > From: Steve French <stfrench@xxxxxxxxxxxxx>
> > > Date: Tue, 22 Jun 2021 17:54:50 -0500
> > > Subject: [PATCH] smb3: fix possible access to uninitialized pointer to DACL
> > >
> > > dacl_ptr can be null so we must check for it everywhere it is
> > > used in build_sec_desc.
> > >
> > > Addresses-Coverity: 1475598 ("Explicit null dereference")
> > > Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
> > > ---
> > > fs/cifs/cifsacl.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
> > > index 784407f9280f..25a8139336fa 100644
> > > --- a/fs/cifs/cifsacl.c
> > > +++ b/fs/cifs/cifsacl.c
> > > @@ -1308,7 +1308,7 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
> > > ndacl_ptr = (struct cifs_acl *)((char *)pnntsd + ndacloffset);
> > > ndacl_ptr->revision =
> > > dacloffset ? dacl_ptr->revision : cpu_to_le16(ACL_REVISION);
> > > - ndacl_ptr->num_aces = dacl_ptr->num_aces;
> > > + ndacl_ptr->num_aces = dacloffset ? dacl_ptr->num_aces : 0;
> > >
> > > if (uid_valid(uid)) { /* chown */
> > > uid_t id;
> > > --
> > > 2.30.2
> > >
> >
> > --
> > Aurélien Aptel / SUSE Labs Samba Team
> > GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
> > SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
> > GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
> >
>
>
> --
> Thanks,
>
> Steve
--
Thanks,
Steve
From db310c562e2ff3275a4ef13d648075a290648159 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@xxxxxxxxxxxxx>
Date: Tue, 22 Jun 2021 17:54:50 -0500
Subject: [PATCH 3/5] smb3: fix possible access to uninitialized pointer to
DACL
dacl_ptr can be null so we must check for it everywhere it is
used in build_sec_desc.
Addresses-Coverity: 1475598 ("Explicit null dereference")
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
---
fs/cifs/cifsacl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index 5ec5d9d24032..3356d762cdf5 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -1294,7 +1294,7 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
ndacl_ptr = (struct cifs_acl *)((char *)pnntsd + ndacloffset);
ndacl_ptr->revision =
dacloffset ? dacl_ptr->revision : cpu_to_le16(ACL_REVISION);
- ndacl_ptr->num_aces = dacl_ptr->num_aces;
+ ndacl_ptr->num_aces = dacl_ptr ? dacl_ptr->num_aces : 0;
if (uid_valid(uid)) { /* chown */
uid_t id;
--
2.30.2
