| From e12b02ede28bfcd5b4550ea6c3c6e47bed983879 Mon Sep 17 00:00:00 2001 |
| From: Colin Ian King <colin.king@canonical.com> |
| Date: Thu, 1 Nov 2018 13:14:30 +0000 |
| Subject: cifs: don't dereference smb_file_target before null check |
| |
| [ Upstream commit 8c6c9bed8773375b1d54ccca2911ec892c59db5d ] |
| |
| There is a null check on dst_file->private data which suggests |
| it can be potentially null. However, before this check, pointer |
| smb_file_target is derived from dst_file->private and dereferenced |
| in the call to tlink_tcon, hence there is a potential null pointer |
| deference. |
| |
| Fix this by assigning smb_file_target and target_tcon after the |
| null pointer sanity checks. |
| |
| Detected by CoverityScan, CID#1475302 ("Dereference before null check") |
| |
| Fixes: 04b38d601239 ("vfs: pull btrfs clone API to vfs layer") |
| Signed-off-by: Colin Ian King <colin.king@canonical.com> |
| Signed-off-by: Steve French <stfrench@microsoft.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| fs/cifs/cifsfs.c | 7 +++++-- |
| 1 file changed, 5 insertions(+), 2 deletions(-) |
| |
| diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c |
| index 7065426b3280..fb32f3d6925e 100644 |
| --- a/fs/cifs/cifsfs.c |
| +++ b/fs/cifs/cifsfs.c |
| @@ -981,8 +981,8 @@ static int cifs_clone_file_range(struct file *src_file, loff_t off, |
| struct inode *src_inode = file_inode(src_file); |
| struct inode *target_inode = file_inode(dst_file); |
| struct cifsFileInfo *smb_file_src = src_file->private_data; |
| - struct cifsFileInfo *smb_file_target = dst_file->private_data; |
| - struct cifs_tcon *target_tcon = tlink_tcon(smb_file_target->tlink); |
| + struct cifsFileInfo *smb_file_target; |
| + struct cifs_tcon *target_tcon; |
| unsigned int xid; |
| int rc; |
| |
| @@ -996,6 +996,9 @@ static int cifs_clone_file_range(struct file *src_file, loff_t off, |
| goto out; |
| } |
| |
| + smb_file_target = dst_file->private_data; |
| + target_tcon = tlink_tcon(smb_file_target->tlink); |
| + |
| /* |
| * Note: cifs case is easier than btrfs since server responsible for |
| * checks for proper open modes and file type and if it wants |
| -- |
| 2.17.1 |
| |