This is a note to let you know that I've just added the patch titled CIFS: Fix NULL pointer deref on SMB2_tcon() failure to the 4.13-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: cifs-fix-null-pointer-deref-on-smb2_tcon-failure.patch and it can be found in the queue-4.13 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From db3b5474f462e77b82ca1e27627f03c47b622c99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Aptel?= <aaptel@xxxxxxxx> Date: Wed, 11 Oct 2017 13:23:36 +0200 Subject: CIFS: Fix NULL pointer deref on SMB2_tcon() failure From: Aurélien Aptel <aaptel@xxxxxxxx> commit db3b5474f462e77b82ca1e27627f03c47b622c99 upstream. If SendReceive2() fails rsp is set to NULL but is dereferenced in the error handling code. Signed-off-by: Aurelien Aptel <aaptel@xxxxxxxx> Reviewed-by: Pavel Shilovsky <pshilov@xxxxxxxxxxxxx> Signed-off-by: Steve French <smfrench@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/cifs/smb2pdu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1243,7 +1243,7 @@ SMB2_tcon(const unsigned int xid, struct struct smb2_tree_connect_req *req; struct smb2_tree_connect_rsp *rsp = NULL; struct kvec iov[2]; - struct kvec rsp_iov; + struct kvec rsp_iov = { NULL, 0 }; int rc = 0; int resp_buftype; int unc_path_len; @@ -1360,7 +1360,7 @@ tcon_exit: return rc; tcon_error_exit: - if (rsp->hdr.sync_hdr.Status == STATUS_BAD_NETWORK_NAME) { + if (rsp && rsp->hdr.sync_hdr.Status == STATUS_BAD_NETWORK_NAME) { cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree); } goto tcon_exit; Patches currently in stable-queue which might be from aaptel@xxxxxxxx are queue-4.13/cifs-fix-null-pointer-deref-on-smb2_tcon-failure.patch queue-4.13/cifs-select-all-required-crypto-modules.patch