Patch "fs/ntfs3: Fix NULL dereference in ni_write_inode" has been added to the 5.15-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    fs/ntfs3: Fix NULL dereference in ni_write_inode

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     fs-ntfs3-fix-null-dereference-in-ni_write_inode.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 6d120f840c0a339909bc89dc8a0624a8aed1a9c7
Author: Abdun Nihaal <abdun.nihaal@xxxxxxxxx>
Date:   Sun Oct 30 12:32:51 2022 +0530

    fs/ntfs3: Fix NULL dereference in ni_write_inode
    
    [ Upstream commit 8dae4f6341e335a09575be60b4fdf697c732a470 ]
    
    Syzbot reports a NULL dereference in ni_write_inode.
    When creating a new inode, if allocation fails in mi_init function
    (called in mi_format_new function), mi->mrec is set to NULL.
    In the error path of this inode creation, mi->mrec is later
    dereferenced in ni_write_inode.
    
    Add a NULL check to prevent NULL dereference.
    
    Link: https://syzkaller.appspot.com/bug?extid=f45957555ed4a808cc7a
    Reported-and-tested-by: syzbot+f45957555ed4a808cc7a@xxxxxxxxxxxxxxxxxxxxxxxxx
    Signed-off-by: Abdun Nihaal <abdun.nihaal@xxxxxxxxx>
    Signed-off-by: Konstantin Komarov <almaz.alexandrovich@xxxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c
index cdeb0b51f0ba8..95556515ded3d 100644
--- a/fs/ntfs3/frecord.c
+++ b/fs/ntfs3/frecord.c
@@ -3189,6 +3189,9 @@ int ni_write_inode(struct inode *inode, int sync, const char *hint)
 		return 0;
 	}
 
+	if (!ni->mi.mrec)
+		goto out;
+
 	if (is_rec_inuse(ni->mi.mrec) &&
 	    !(sbi->flags & NTFS_FLAGS_LOG_REPLAYING) && inode->i_nlink) {
 		bool modified = false;



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux