[CIFS] Possible null ptr deref in SMB2_tcon
authorSteve French <smfrench@gmail.com>
Sun, 17 Aug 2014 05:22:24 +0000 (00:22 -0500)
committerSteve French <smfrench@gmail.com>
Sun, 17 Aug 2014 05:41:02 +0000 (00:41 -0500)
As Raphael Geissert pointed out, tcon_error_exit can dereference tcon
and there is one path in which tcon can be null.

Signed-off-by: Steve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org> # v3.7+
Reported-by: Raphael Geissert <geissert@debian.org>
fs/cifs/smb2pdu.c

index 74440af59f3554d75afefd0f265ded355077ef31..240c627bc0c6619a55423428eec4c7b941365acf 100644 (file)
@@ -907,7 +907,8 @@ tcon_exit:
 tcon_error_exit:
        if (rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) {
                cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree);
-               tcon->bad_network_name = true;
+               if (tcon)
+                       tcon->bad_network_name = true;
        }
        goto tcon_exit;
 }