Updated patch attached with Aurelien's suggestion.

On Wed, Jun 23, 2021 at 7:17 AM Paulo Alcantara <pc@xxxxxx> wrote:
>
> Agreed.
>
> On June 23, 2021 8:48:24 AM GMT-03:00, "Aurélien Aptel" <aaptel@xxxxxxxx> wrote:
> >Steve French <smfrench@xxxxxxxxx> writes:
> >> We weren't checking if tcon is null before setting dfs path,
> >> although we check for null tcon in an earlier assignment statement.
> >
> >If tcon is NULL there is no point in continuing in that function, we
> >should have exited earlier.
> >
> >If tcon is NULL it means mount_get_conns() failed so presumably rc will
> >be != 0 and we would goto error.
> >
> >I don't think this is needed. We could change the existing check after
> >the loop to this if you really want to be safe:
> >
> >  if (rc || !tcon)
> >      goto error;
> >
> >
> >Cheers,

--
Thanks,

Steve
From 162004a2f7ef5c77600e364dc4e9315b0e6ca386 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench@xxxxxxxxxxxxx> Date: Wed, 23 Jun 2021 19:32:24 -0500 Subject: [PATCH] cifs: missing null pointer check in cifs_mount We weren't checking if tcon is null before setting dfs path, although we check for null tcon in an earlier assignment statement. Addresses-Coverity: 1476411 ("Dereference after null check") Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx> --- fs/cifs/connect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 8d95607a9312..c8079376d294 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -3451,7 +3451,7 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx) rc = -ELOOP; } while (rc == -EREMOTE); - if (rc) + if (rc || !tcon) goto error; kfree(ref_path); -- 2.30.2
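
Review bot: In the changed check after the do/while (rc == -EREMOTE) loop, the new !tcon branch jumps to error while rc may still be 0, and nothing in this hunk assigns an error code for that case. If the error label returns rc unchanged, cifs_mount() would report success for a mount that has no tcon. Consider setting rc to a negative errno before the goto when tcon is NULL and rc is 0. The commit message could also record the point made in the thread: a NULL tcon is expected only when mount_get_conns() has already failed with a non-zero rc, so this check is defensive and exists mainly to resolve the Coverity "Dereference after null check" report.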