strrchr() can return NULL if nothing is found. If this happens we'll dereference a NULL pointer in fs/nfs/nfs4filelayoutdev.c::decode_and_add_ds(). I tried to find some other code that guarantees that this can never happen but I was unsuccessful. So, unless someone else can point to some code that ensures this can never be a problem, I believe this patch is needed. While I was changing this code I also noticed that all the dprintk() statements, except one, start with "%s:". The one missing the ":" I added it to.
Signed-off-by: Jesper Juhl <jj@xxxxxxxxxxxxx>
---
 nfs4filelayoutdev.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
only compile tested.
diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
index 51fe64a..5a85b8f 100644
--- a/fs/nfs/nfs4filelayoutdev.c
+++ b/fs/nfs/nfs4filelayoutdev.c
@@ -214,7 +214,7 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
 /* ipv6 length plus port is legal */
 if (rlen > INET6_ADDRSTRLEN + 8) {
- dprintk("%s Invalid address, length %d\n", __func__,
+ dprintk("%s: Invalid address, length %d\n", __func__,
 rlen);
 goto out_err;
 }
@@ -225,6 +225,11 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
 /* replace the port dots with dashes for the in4_pton() delimiter*/
 for (i = 0; i < 2; i++) {
 char *res = strrchr(buf, '.');
+ if (!res) {
+ dprintk("%s: Failed finding expected dots in port\n",
+ __func__);
+ goto out_free;
+ }
 *res = '-';
 }
--
Jesper Juhl <jj@xxxxxxxxxxxxx> http://www.chaosbits.net/ Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html Plain text mails only, please.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
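Review bot: The new `goto out_free` inside the `strrchr()` loop relies on a label and a return value that are both outside this hunk, so it should be confirmed that `out_free` releases `buf` and that the function still returns its failure value there, otherwise a malformed address is rejected without the caller seeing an error. The string being scanned looks like it comes off the wire (the function takes `__be32 **pp` and the first hunk bounds `rlen`), so a one-line comment above the test, for example `/* the address string is not guaranteed to contain both port dots */`, would record why the NULL check must stay. The rejection is reported only through `dprintk()`, which presumably means a build without RPC debugging drops the bad address silently; that may be intended but is worth stating. The body of decode_and_add_ds() starts and ends outside the hunk, and the patch is marked as only compile tested, so the failure path has not been exercised.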