From: Jia-Ju Bai
To: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com
Cc: ocfs2-devel@oss.oracle.com, linux-kernel@vger.kernel.org, Jia-Ju Bai
Subject: [PATCH 1/3] fs: ocfs2: Fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
Date: Fri, 26 Jul 2019 11:36:55 +0800
Message-Id: <20190726033655.32253-1-baijiaju1990@gmail.com>
X-Mailer: git-send-email 2.17.0
X-Mailing-List: linux-kernel@vger.kernel.org

In ocfs2_xa_prepare_entry(), there is an if statement on line 2136 to
check whether loc->xl_entry is NULL:
    if (loc->xl_entry)

When loc->xl_entry is NULL, it is used on line 2158:
    ocfs2_xa_add_entry(loc, name_hash);
        loc->xl_entry->xe_name_hash = cpu_to_le32(name_hash);
        loc->xl_entry->xe_name_offset = cpu_to_le16(loc->xl_size);
and line 2164:
    ocfs2_xa_add_namevalue(loc, xi);
        loc->xl_entry->xe_value_size = cpu_to_le64(xi->xi_value_len);
        loc->xl_entry->xe_name_len = xi->xi_name_len;

Thus, possible null-pointer dereferences may occur.

To fix these bugs, if loc->xl_entry is NULL, ocfs2_xa_prepare_entry()
abnormally returns with -EINVAL.

These bugs are found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai
---
 fs/ocfs2/xattr.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 385f3aaa2448..f690502daf3c 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -2154,8 +2154,10 @@ static int ocfs2_xa_prepare_entry(struct ocfs2_xa_loc *loc, } } ocfs2_xa_wipe_namevalue(loc); - } else - ocfs2_xa_add_entry(loc, name_hash); + } else { + rc = -EINVAL; + goto out; + } /* * If we get here, we have a blank entry. Fill it. We grow our -- 2.17.0
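
Review bot: In the else branch of ocfs2_xa_prepare_entry(), replacing ocfs2_xa_add_entry(loc, name_hash) with "rc = -EINVAL; goto out;" removes the only path shown in this hunk that handles a missing loc->xl_entry by adding one, so every call that arrives without an existing entry now fails. The commit message does not say whether a NULL loc->xl_entry is a legitimate "no entry yet, create one" case or a state that should never occur; please state which, and if it is legitimate, address the dereference inside ocfs2_xa_add_entry() rather than rejecting the call. If it really is an error, the comment that follows ("If we get here, we have a blank entry. Fill it.") should be updated to match, and testing !loc->xl_entry up front with an early goto out would avoid the trailing else block.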