updated cifs-2.6.git for-next (and added Cc: stable) with this patch On Tue, Dec 5, 2023 at 6:50 PM Paulo Alcantara <pc@xxxxxxxxxxxxx> wrote: > > If server returned no data for FSCTL_DFS_GET_REFERRALS, @dfs_rsp will > remain NULL and then parse_dfs_referrals() will dereference it. > > Fix this by returning -EIO when no output data is returned. > > Besides, we can't fix it in SMB2_ioctl() as some FSCTLs are allowed to > return no data as per MS-SMB2 2.2.32. > > Fixes: 9d49640a21bf ("CIFS: implement get_dfs_refer for SMB2+") > Reported-by: Robert Morris <rtm@xxxxxxxxxxxxx> > Signed-off-by: Paulo Alcantara (SUSE) <pc@xxxxxxxxxxxxx> > --- > fs/smb/client/smb2ops.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c > index 45931115f475..fcfb6566b899 100644 > --- a/fs/smb/client/smb2ops.c > +++ b/fs/smb/client/smb2ops.c > @@ -2836,6 +2836,8 @@ smb2_get_dfs_refer(const unsigned int xid, struct cifs_ses *ses, > usleep_range(512, 2048); > } while (++retry_count < 5); > > + if (!rc && !dfs_rsp) > + rc = -EIO; > if (rc) { > if (!is_retryable_error(rc) && rc != -ENOENT && rc != -EOPNOTSUPP) > cifs_tcon_dbg(VFS, "%s: ioctl error: rc=%d\n", __func__, rc); > -- > 2.43.0 > -- Thanks, Steve
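Review bot: The new "if (!rc && !dfs_rsp)" check after the retry loop in smb2_get_dfs_refer() carries no comment, and the reason it sits here rather than in SMB2_ioctl() (some FSCTLs may return no data per MS-SMB2 2.2.32) is recorded only in the commit message; a one-line comment above the check would keep a later cleanup from moving or dropping it. The -EIO it sets then falls into the existing "if (rc)" block and is reported through the same cifs_tcon_dbg() "ioctl error" message as a failed ioctl, although here the ioctl succeeded and the server simply sent no output; a distinct message for the empty-response case would make a misbehaving server easier to tell apart in the logs. The check covers only a NULL @dfs_rsp, so it is worth confirming that parse_dfs_referrals() separately rejects a non-NULL response that is too short.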