Received: by 10.213.65.68 with SMTP id h4csp3966976imn; Tue, 3 Apr 2018 14:03:52 -0700 (PDT) X-Google-Smtp-Source: AIpwx49CNHPW3J7ataN+ODY3+Juq0ynkX3KWtiprqrjc008czBoCVlwTn1pEqQvJW7fqj/s2rNTH X-Received: by 10.101.67.13 with SMTP id j13mr10066081pgq.432.1522789432742; Tue, 03 Apr 2018 14:03:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522789432; cv=none; d=google.com; s=arc-20160816; b=VpiA7eD96xuoF67WOtbTuZ1O4GJF0+o2nPNiT9jgTCEe/zNPuYCsbwcb2WXkP98IYW rnfEC5RO4JlzlCDfnSnaPTSAdesAKem2LW8t/tTHSaAb9i2cAw4RoHwXVoynrscZq3kg ub0jcC1s+l+CYWXMZR2CL5iNEaCf3ixzPKdwtxKLv7DAkRDSQABR52Ce4dZutdzMxeiH R4Zj6hSIH2AW+YliKV/iyvGcqE9RwnNWEZ4zwUI7b0+6qkUPQbjll8Qg9P+a7KW9xlIx BiZEipJ+TpzQZ8arUylYm4kRmHW0kAAKelzOMhsrid8qr2Udwm66lX9ZEpAPEMGphRGl jDNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=b150zMbQDy5Jp2yMQPHYZCblERX1YQbnrJxaoQ6Mnfc=; b=b+Bsq9EVzB6zXbxFLHwJo8IJKZgiOnnSq+9rJ7gJhGeQZzWT6YAR5sEfEopfj2gqjA Y1qQlNKL5O+pwtMG3tH+kDoeoVt9WAX4r4W2MUmvobVAAMXjNTH4zql39NOUycjX+rNJ RNBlWQqa1JnpveYcPbjPmI8GWuzK3RZNucgGQjsSyVYnI46MqVqZ7AXpWfIQ7KKK5DWn gef34ANkJMSZkNVU75EDcs1kV6g4dqdjJyiMpKfDNOvP6MmzOyqG0LsaCJuztk0b9M49 Evd1i5F4xw9E68Cd0zn8ZNGrZQJSX0PsDQCBkJ0D5UK8dHnM6XXGRhtFH7i5wY0EaGUK 4xnQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k4-v6si1389766pls.240.2018.04.03.14.03.36; Tue, 03 Apr 2018 14:03:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753371AbeDCVCY (ORCPT + 99 others); Tue, 3 Apr 2018 17:02:24 -0400 Received: from gateway24.websitewelcome.com ([192.185.51.228]:49204 "EHLO gateway24.websitewelcome.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752639AbeDCVCX (ORCPT ); Tue, 3 Apr 2018 17:02:23 -0400 Received: from cm12.websitewelcome.com (cm12.websitewelcome.com [100.42.49.8]) by gateway24.websitewelcome.com (Postfix) with ESMTP id DF296AB5D89 for ; Tue, 3 Apr 2018 16:02:22 -0500 (CDT) Received: from gator4166.hostgator.com ([108.167.133.22]) by cmsmtp with SMTP id 3T4QfDIqH7Ovo3T4QfWar1; Tue, 03 Apr 2018 16:02:22 -0500 Received: from [189.145.54.187] (port=42256 helo=[192.168.1.71]) by gator4166.hostgator.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89_1) (envelope-from ) id 1f3T4Q-000K2q-FQ; Tue, 03 Apr 2018 16:02:22 -0500 Subject: Re: [PATCH] cifs: cifssmb: Fix potential NULL pointer dereference To: "Gustavo A. R. Silva" , Ronnie Sahlberg , Steve French Cc: linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, linux-kernel@vger.kernel.org References: <20180403205512.GA28804@embeddedor.com> From: "Gustavo A. R. Silva" Message-ID: Date: Tue, 3 Apr 2018 16:02:20 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180403205512.GA28804@embeddedor.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator4166.hostgator.com X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - embeddedor.com X-BWhitelist: no X-Source-IP: 189.145.54.187 X-Source-L: No X-Exim-ID: 1f3T4Q-000K2q-FQ X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: ([192.168.1.71]) [189.145.54.187]:42256 X-Source-Auth: gustavo@embeddedor.com X-Email-Count: 11 X-Source-Cap: Z3V6aWRpbmU7Z3V6aWRpbmU7Z2F0b3I0MTY2Lmhvc3RnYXRvci5jb20= X-Local-Domain: yes Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, I noticed the subject was incorrect. Drop this patch, please. I just sent v2. Thanks -- Gustavo On 04/03/2018 03:55 PM, Gustavo A. R. Silva wrote: > tcon->ses is being dereferenced before it is null checked, hence > there is a potential null pointer dereference. > > Fix this by moving the pointer dereference after tcon->ses has > been properly null checked. > > Addresses-Coverity-ID: 1467426 ("Dereference before null check") > Fixes: 93012bf98416 ("cifs: add server->vals->header_preamble_size") > Signed-off-by: Gustavo A. R. Silva > --- > fs/cifs/smb2pdu.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c > index f7741ce..e5ac474 100644 > --- a/fs/cifs/smb2pdu.c > +++ b/fs/cifs/smb2pdu.c > @@ -3454,7 +3454,7 @@ static int > build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, int level, > int outbuf_len, u64 persistent_fid, u64 volatile_fid) > { > - struct TCP_Server_Info *server = tcon->ses->server; > + struct TCP_Server_Info *server; > int rc; > struct smb2_query_info_req *req; > unsigned int total_len; > @@ -3464,6 +3464,8 @@ build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, int level, > if ((tcon->ses == NULL) || (tcon->ses->server == NULL)) > return -EIO; > > + server = tcon->ses->server; > + > rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, (void **) &req, > &total_len); > if (rc) >