2017-10-11 4:23 GMT-07:00 Aurelien Aptel <aaptel@xxxxxxxx>:
> If SendReceive2() fails rsp is set to NULL but is dereferenced in the
> error handling code.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Aurelien Aptel <aaptel@xxxxxxxx>
> ---
> fs/cifs/smb2pdu.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index 7aa67206f6da..eb658b641ded 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -1168,7 +1168,7 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
> struct smb2_tree_connect_req *req;
> struct smb2_tree_connect_rsp *rsp = NULL;
> struct kvec iov[2];
> - struct kvec rsp_iov;
> + struct kvec rsp_iov = { NULL, 0 };
> int rc = 0;
> int resp_buftype;
> int unc_path_len;
> @@ -1285,7 +1285,7 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
> return rc;
>
> tcon_error_exit:
> - if (rsp->hdr.sync_hdr.Status == STATUS_BAD_NETWORK_NAME) {
> + if (rsp && rsp->hdr.sync_hdr.Status == STATUS_BAD_NETWORK_NAME) {
> cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree);
> }
> goto tcon_exit;
> --
> 2.12.3
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Good catch, Ronnie, Aurelien!
Reviewed-by: Pavel Shilovsky <pshilov@xxxxxxxxxxxxx>
It seems like the issue exists even before SendReceive2() refactoring
but wasn't triggered until DFS support was added.
--
Best regards,
Pavel Shilovsky