| From 51db46018d4c42eaa1873fff617789f862b7e06c Mon Sep 17 00:00:00 2001 |
| From: Jia-Ju Bai <baijiaju1990@gmail.com> |
| Date: Fri, 26 Jul 2019 15:48:53 +0800 |
| Subject: [PATCH] fs: nfs: Fix possible null-pointer dereferences in |
| encode_attrs() |
| |
| commit e2751463eaa6f9fec8fea80abbdc62dbc487b3c5 upstream. |
| |
| In encode_attrs(), there is an if statement on line 1145 to check |
| whether label is NULL: |
| if (label && (attrmask[2] & FATTR4_WORD2_SECURITY_LABEL)) |
| |
| When label is NULL, it is used on lines 1178-1181: |
| *p++ = cpu_to_be32(label->lfs); |
| *p++ = cpu_to_be32(label->pi); |
| *p++ = cpu_to_be32(label->len); |
| p = xdr_encode_opaque_fixed(p, label->label, label->len); |
| |
| To fix these bugs, label is checked before being used. |
| |
| These bugs were found by STCheck, a static analysis tool written by us. |
| |
| Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> |
| Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c |
| index 602446158bfb..ff06820b9efb 100644 |
| --- a/fs/nfs/nfs4xdr.c |
| +++ b/fs/nfs/nfs4xdr.c |
| @@ -1172,7 +1172,7 @@ static void encode_attrs(struct xdr_stream *xdr, const struct iattr *iap, |
| } else |
| *p++ = cpu_to_be32(NFS4_SET_TO_SERVER_TIME); |
| } |
| - if (bmval[2] & FATTR4_WORD2_SECURITY_LABEL) { |
| + if (label && (bmval[2] & FATTR4_WORD2_SECURITY_LABEL)) { |
| *p++ = cpu_to_be32(label->lfs); |
| *p++ = cpu_to_be32(label->pi); |
| *p++ = cpu_to_be32(label->len); |
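Review bot: The added `label &&` guard on the `bmval[2] & FATTR4_WORD2_SECURITY_LABEL` test skips the label words silently, while the attribute bitmap and the reserved length are presumably encoded earlier in encode_attrs(), outside this hunk. If bmval[2] could carry the security-label bit while label is NULL, the request would advertise an attribute whose value is never written, so the NULL dereference would become a malformed attribute list instead of a clean failure. The commit message suggests the bit is only set under the `label && (attrmask[2] & FATTR4_WORD2_SECURITY_LABEL)` check on line 1145, which would make this branch unreachable with a NULL label. If so, record that invariant in a comment above the test, e.g. `/* bmval[2] has SECURITY_LABEL set only when label != NULL (see the attrmask check above) */`. The function starts before and continues past the hunk, so confirm this against the full body.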
| -- |
| 2.7.4 |
| |