projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cd019f7)
NFS - fix potential NULL pointer dereference v2
authorCyrill Gorcunov <gorcunov@gmail.com>
Thu, 17 Apr 2008 16:42:09 +0000 (20:42 +0400)
committerTrond Myklebust <Trond.Myklebust@netapp.com>
Sat, 19 Apr 2008 20:55:22 +0000 (16:55 -0400)
There is possible NULL pointer dereference if kstr[n]dup failed.
So fix them for safety.

Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
fs/nfs/super.c patch | blob | blame | history

diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index c99ca1f992ce7aa80a0c7d5dcc1d5d8fb108f238..2215bcd24bd275fbb696abad33b6c4dc3d824163 100644 (file)
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -1297,6 +1297,8 @@ static int nfs_validate_mount_data(void *options,
                args->namlen            = data->namlen;
                args->bsize             = data->bsize;
                args->auth_flavors[0]   = data->pseudoflavor;
+               if (!args->nfs_server.hostname)
+                       goto out_nomem;
 
                /*
                 * The legacy version 6 binary mount data from userspace has a
@@ -1343,6 +1345,8 @@ static int nfs_validate_mount_data(void *options,
                len = c - dev_name;
                /* N.B. caller will free nfs_server.hostname in all cases */
                args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
+               if (!args->nfs_server.hostname)
+                       goto out_nomem;
 
                c++;
                if (strlen(c) > NFS_MAXPATHLEN)
@@ -1386,6 +1390,10 @@ out_v3_not_compiled:
        return -EPROTONOSUPPORT;
 #endif /* !CONFIG_NFS_V3 */
 
+out_nomem:
+       dfprintk(MOUNT, "NFS: not enough memory to handle mount options\n");
+       return -ENOMEM;
+
 out_no_address:
        dfprintk(MOUNT, "NFS: mount program didn't pass remote address\n");
        return -EINVAL;
@@ -1892,12 +1900,16 @@ static int nfs4_validate_mount_data(void *options,
                        return -ENAMETOOLONG;
                /* N.B. caller will free nfs_server.hostname in all cases */
                args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
+               if (!args->nfs_server.hostname)
+                       goto out_nomem;
 
                c++;                    /* step over the ':' */
                len = strlen(c);
                if (len > NFS4_MAXPATHLEN)
                        return -ENAMETOOLONG;
                args->nfs_server.export_path = kstrndup(c, len, GFP_KERNEL);
+               if (!args->nfs_server.export_path)
+                       goto out_nomem;
 
                dprintk("NFS: MNTPATH: '%s'\n", args->nfs_server.export_path);
 
@@ -1919,6 +1931,10 @@ out_inval_auth:
                 data->auth_flavourlen);
        return -EINVAL;
 
+out_nomem:
+       dfprintk(MOUNT, "NFS4: not enough memory to handle mount options\n");
+       return -ENOMEM;
+
 out_no_address:
        dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n");
        return -EINVAL;