summaryrefslogtreecommitdiff
path: root/fs/nfs
diff options
context:
space:
mode:
authorJia-Ju Bai <baijiaju1990@gmail.com>2019-07-26 10:48:53 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-10-11 19:18:37 +0300
commit576a47e933cfd267953d54f99a647fb22fd014e8 (patch)
treed791473bc4ce83401e16b7897e5f6062fadd783a /fs/nfs
parent27551dbe091615e6bb6ad17ea7117ef1beb8aa81 (diff)
downloadlinux-576a47e933cfd267953d54f99a647fb22fd014e8.tar.xz
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
[ Upstream commit e2751463eaa6f9fec8fea80abbdc62dbc487b3c5 ] In encode_attrs(), there is an if statement on line 1145 to check whether label is NULL: if (label && (attrmask[2] & FATTR4_WORD2_SECURITY_LABEL)) When label is NULL, it is used on lines 1178-1181: *p++ = cpu_to_be32(label->lfs); *p++ = cpu_to_be32(label->pi); *p++ = cpu_to_be32(label->len); p = xdr_encode_opaque_fixed(p, label->label, label->len); To fix these bugs, label is checked before being used. These bugs are found by a static analysis tool STCheck written by us. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'fs/nfs')
-rw-r--r--fs/nfs/nfs4xdr.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index 549c916d2859..525684b0056f 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -1132,7 +1132,7 @@ static void encode_attrs(struct xdr_stream *xdr, const struct iattr *iap,
} else
*p++ = cpu_to_be32(NFS4_SET_TO_SERVER_TIME);
}
- if (bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
+ if (label && (bmval[2] & FATTR4_WORD2_SECURITY_LABEL)) {
*p++ = cpu_to_be32(label->lfs);
*p++ = cpu_to_be32(label->pi);
*p++ = cpu_to_be32(label->len);