2013-02-24 22:23:39

by Syam Sidhardhan

Subject: [PATCH] SUNRPC: Fix possible NULL pointer dereference

Check for cred == NULL has to be done before accessing cred.

Signed-off-by: Syam Sidhardhan <[email protected]>
---
net/sunrpc/auth.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
index f529404..18678a6 100644
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -695,10 +695,13 @@ rpcauth_invalcred(struct rpc_task *task)
{
struct rpc_cred *cred = task->tk_rqstp->rq_cred;

+ if (cred == NULL)
+ return;
+
dprintk("RPC: %5u invalidating %s cred %p\n",
task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
- if (cred)
- clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
+
+ clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
}

int
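Review bot: the new `if (cred == NULL)` guard covers only cred, while the declaration just above it still evaluates `task->tk_rqstp->rq_cred` with no check on tk_rqstp, and the dprintk goes on to dereference cred->cr_auth and cr_auth->au_ops. If a NULL rq_cred is really reachable in rpcauth_invalcred(), it is worth confirming that tk_rqstp cannot be NULL on the same path. If it is not reachable, dropping the old `if (cred)` test would be the smaller change.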
--
1.7.9.5



2013-02-24 22:35:12

by Myklebust, Trond

Subject: Re: [PATCH] SUNRPC: Fix possible NULL pointer dereference

On Mon, 2013-02-25 at 03:53 +0530, Syam Sidhardhan wrote:
> Check for cred == NULL has to be done before accessing cred.
>
> Signed-off-by: Syam Sidhardhan <[email protected]>
> ---
> net/sunrpc/auth.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
> index f529404..18678a6 100644
> --- a/net/sunrpc/auth.c
> +++ b/net/sunrpc/auth.c
> @@ -695,10 +695,13 @@ rpcauth_invalcred(struct rpc_task *task)
> {
> struct rpc_cred *cred = task->tk_rqstp->rq_cred;
>
> + if (cred == NULL)
> + return;
> +
> dprintk("RPC: %5u invalidating %s cred %p\n",
> task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
> - if (cred)
> - clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
> +
> + clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
> }
>
> int
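Review bot: with the early `return` placed ahead of the dprintk, a NULL cred now leaves rpcauth_invalcred() without any debug trace. If NULL is not an expected state at this point, a short dprintk before returning would keep it visible when RPC debugging is enabled. Kernel style also usually writes the test as `if (!cred)` rather than `if (cred == NULL)`.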

Do we need that check at all?

--
Trond Myklebust
Linux NFS client maintainer

NetApp
[email protected]
http://www.netapp.com

2013-02-25 15:21:11

by Syam Sidhardhan

Subject: Re: [PATCH] SUNRPC: Fix possible NULL pointer dereference

Hi Trond,

On Mon, Feb 25, 2013 at 4:05 AM, Myklebust, Trond
<[email protected]> wrote:
> On Mon, 2013-02-25 at 03:53 +0530, Syam Sidhardhan wrote:
>> Check for cred == NULL has to be done before accessing cred.
>>
>> Signed-off-by: Syam Sidhardhan <[email protected]>
>> ---
>> net/sunrpc/auth.c | 7 +++++--
>> 1 file changed, 5 insertions(+), 2 deletions(-)
>>
>> diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
>> index f529404..18678a6 100644
>> --- a/net/sunrpc/auth.c
>> +++ b/net/sunrpc/auth.c
>> @@ -695,10 +695,13 @@ rpcauth_invalcred(struct rpc_task *task)
>> {
>> struct rpc_cred *cred = task->tk_rqstp->rq_cred;
>>
>> + if (cred == NULL)
>> + return;
>> +
>> dprintk("RPC: %5u invalidating %s cred %p\n",
>> task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
>> - if (cred)
>> - clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
>> +
>> + clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
>> }
>>
>> int
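Review bot: the changelog line "Check for cred == NULL has to be done before accessing cred" does not say whether rpcauth_invalcred() can actually be entered with a NULL rq_cred, or how the ordering problem was found. Stating that in the commit message would let the maintainer choose between moving the check, as the hunk does, and removing it.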
>
> Do we need that check at all?

I'm not sure whether we need that check or not. However,
similar functions such as rpcauth_refreshcred(), rpcauth_uptodatecred(), etc.
are doing the same check inside. Cppcheck is throwing an error too.

Regards,
Syam