diff options
author | Aurélien Aptel <aaptel@suse.com> | 2017-10-11 13:23:36 +0200 |
---|---|---|
committer | Steve French <smfrench@gmail.com> | 2017-10-25 19:58:54 +0200 |
commit | db3b5474f462e77b82ca1e27627f03c47b622c99 (patch) | |
tree | 050af9770bae04fc16b274f9c5f29d0f789952c1 | |
parent | CIFS: do not send invalid input buffer on QUERY_INFO requests (diff) | |
download | linux-db3b5474f462e77b82ca1e27627f03c47b622c99.tar.xz linux-db3b5474f462e77b82ca1e27627f03c47b622c99.zip |
CIFS: Fix NULL pointer deref on SMB2_tcon() failure
If SendReceive2() fails rsp is set to NULL but is dereferenced in the
error handling code.
Cc: stable@vger.kernel.org
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <smfrench@gmail.com>
-rw-r--r-- | fs/cifs/smb2pdu.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index fa17caa56128..3efcd96b52c5 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1255,7 +1255,7 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, struct smb2_tree_connect_req *req; struct smb2_tree_connect_rsp *rsp = NULL; struct kvec iov[2]; - struct kvec rsp_iov; + struct kvec rsp_iov = { NULL, 0 }; int rc = 0; int resp_buftype; int unc_path_len; @@ -1372,7 +1372,7 @@ tcon_exit: return rc; tcon_error_exit: - if (rsp->hdr.sync_hdr.Status == STATUS_BAD_NETWORK_NAME) { + if (rsp && rsp->hdr.sync_hdr.Status == STATUS_BAD_NETWORK_NAME) { cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree); } goto tcon_exit; |