CIFS: Possible null ptr deref in SMB2_tcon
authorSteve French <smfrench@gmail.com>
Sun, 17 Aug 2014 05:22:24 +0000 (00:22 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Sep 2014 16:04:01 +0000 (09:04 -0700)
commit 18f39e7be0121317550d03e267e3ebd4dbfbb3ce upstream.

As Raphael Geissert pointed out, tcon_error_exit can dereference tcon
and there is one path in which tcon can be null.

Signed-off-by: Steve French <smfrench@gmail.com>
Reported-by: Raphael Geissert <geissert@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/cifs/smb2pdu.c

index c7a6fd87bb6eb8e5512f483498da9ef42573e651..184c55820d1f270df2661a694baca633fe38409e 100644 (file)
@@ -809,7 +809,8 @@ tcon_exit:
 tcon_error_exit:
        if (rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) {
                cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree);
-               tcon->bad_network_name = true;
+               if (tcon)
+                       tcon->bad_network_name = true;
        }
        goto tcon_exit;
 }