[{"id":1765023,"web_url":"http://patchwork.ozlabs.org/comment/1765023/","msgid":"<CY4PR21MB01356781E9457873AE7A8AAAB6950@CY4PR21MB0135.namprd21.prod.outlook.com>","list_archive_url":null,"date":"2017-09-08T01:01:12","subject":"RE: [PATCH] cifs: check rsp for NULL before dereferencing in\n\tSMB2_open","submitter":{"id":72325,"url":"http://patchwork.ozlabs.org/api/people/72325/","name":"Pavel Shilovskiy","email":"pshilov@microsoft.com"},"content":"2017-09-07 17:37 GMT-07:00 Ronnie Sahlberg <lsahlber@redhat.com>:\n> In SMB2_open there are several paths where the SendReceive2\n> call will return an error before it sets rsp_iov.iov_base\n> thus leaving iov_base uninitialized.\n>\n> Thus we need to check rsp before we dereference it in\n> the call to get_rfc1002_length().\n>\n> A report of this issue was previously reported in\n> http://www.spinics.net/lists/linux-cifs/msg12846.html\n>\n> RH-bugzilla : 1476151\n>\n> Version 2 :\n> * Lets properly initialize rsp_iov before we use it.\n>\n> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>\n> ---\n>  fs/cifs/smb2pdu.c | 4 ++--\n>  1 file changed, 2 insertions(+), 2 deletions(-)\n>\n> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c\n> index 97edb4d376cd..6e7d145d8b2f 100644\n> --- a/fs/cifs/smb2pdu.c\n> +++ b/fs/cifs/smb2pdu.c\n> @@ -1617,7 +1617,7 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,\n>         struct cifs_tcon *tcon = oparms->tcon;\n>         struct cifs_ses *ses = tcon->ses;\n>         struct kvec iov[4];\n> -       struct kvec rsp_iov;\n> +       struct kvec rsp_iov = {NULL, 0};\n>         int resp_buftype;\n>         int uni_path_len;\n>         __le16 *copy_path = NULL;\n> @@ -1746,7 +1746,7 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,\n>\n>         if (rc != 0) {\n>                 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);\n> -               if (err_buf)\n> +               if (err_buf && rsp)\n>                         *err_buf = kmemdup(rsp, get_rfc1002_length(rsp) + 4,\n>                                            GFP_KERNEL);\n>                 goto creat_exit;\n> --\n> 2.13.3\n>\n> --\n> To unsubscribe from this list: send the line \"unsubscribe linux-cifs\" in\n> the body of a message to majordomo@vger.kernel.org\n> More majordomo info at  http://vger.kernel.org/majordomo-info.html\n\nThe patch looks correct. Good candidate for stable, I think.\n\nReviewed-by: Pavel Shilovsky <pshilov@microsoft.com>.\n\nAlso It seems like we are not checking for the STATUS_STOPPED_ON_SYMLINK error code in smb2_query_symlink().\n\n--\nBest regards,\nPavel Shilovsky\n--\nTo unsubscribe from this list: send the line \"unsubscribe linux-cifs\" in\nthe body of a message to majordomo@vger.kernel.org\nMore majordomo info at  http://vger.kernel.org/majordomo-info.html","headers":{"Return-Path":"<linux-cifs-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=linux-cifs-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=microsoft.com header.i=@microsoft.com\n\theader.b=\"o5xSG72j\"; dkim-atps=neutral","spf=none (sender IP is )\n\tsmtp.mailfrom=pshilov@microsoft.com; "],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xpJt43Bxwz9sBZ\n\tfor <incoming@patchwork.ozlabs.org>;\n\tFri,  8 Sep 2017 11:01:16 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751457AbdIHBBP (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tThu, 7 Sep 2017 21:01:15 -0400","from mail-sn1nam02on0093.outbound.protection.outlook.com\n\t([104.47.36.93]:60807\n\t\"EHLO NAM02-SN1-obe.outbound.protection.outlook.com\"\n\trhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP\n\tid S1751456AbdIHBBO (ORCPT <rfc822;linux-cifs@vger.kernel.org>);\n\tThu, 7 Sep 2017 21:01:14 -0400","from CY4PR21MB0135.namprd21.prod.outlook.com (10.173.189.17) by\n\tCY4PR21MB0183.namprd21.prod.outlook.com (10.173.193.9) with Microsoft\n\tSMTP Server (version=TLS1_2,\n\tcipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id\n\t15.20.56.6; Fri, 8 Sep 2017 01:01:12 +0000","from CY4PR21MB0135.namprd21.prod.outlook.com ([10.173.189.17]) by\n\tCY4PR21MB0135.namprd21.prod.outlook.com ([10.173.189.17]) with\n\tmapi id 15.20.0056.003; Fri, 8 Sep 2017 01:01:12 +0000"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n\ts=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;\n\tbh=lSPTiQ34NuZ3qBoVriZ0Q9goWe78biYR4YNLlzWdQzM=;\n\tb=o5xSG72jJSGMRZbavakluQGDYqNW7hhA3Jt+yN/DNQwqH6AKHUqMHbw3gPwR6+YQMaURxpoX/gV/VOI6SEc/SA6iBIfz5AJwUDntwxnhSHh6XInTT9Rxvln30eKZ7CGkf+8guljljfBLqmQ/GM+4mMnnAhtjYbND873THrzQG7Y=","From":"Pavel Shilovskiy <pshilov@microsoft.com>","To":"Ronnie Sahlberg <lsahlber@redhat.com>,\n\tlinux-cifs <linux-cifs@vger.kernel.org>","CC":"Steve French <smfrench@gmail.com>","Subject":"RE: [PATCH] cifs: check rsp for NULL before dereferencing in\n\tSMB2_open","Thread-Topic":"[PATCH] cifs: check rsp for NULL before dereferencing in\n\tSMB2_open","Thread-Index":"AQHTKDq0ARxTb6HbXE2kKt0pQ7SplaKqKzAA","Date":"Fri, 8 Sep 2017 01:01:12 +0000","Message-ID":"<CY4PR21MB01356781E9457873AE7A8AAAB6950@CY4PR21MB0135.namprd21.prod.outlook.com>","References":"<20170908003735.14789-1-lsahlber@redhat.com>","In-Reply-To":"<20170908003735.14789-1-lsahlber@redhat.com>","Accept-Language":"en-US","Content-Language":"en-US","X-MS-Has-Attach":"","X-MS-TNEF-Correlator":"","msip_labels":"MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True;\n\tMSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;\n\tMSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Ref=https://api.informationprotection.azure.com/api/72f988bf-86f1-41af-91ab-2d7cd011db47;\n\tMSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=pshilov@microsoft.com;\n\tMSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2017-09-07T18:01:10.5398718-07:00;\n\tMSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General;\n\tMSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft\n\tAzure Information Protection;\n\tMSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic;\n\tSensitivity=General","x-originating-ip":"[2001:4898:80e8::4ec]","x-ms-publictraffictype":"Email","x-microsoft-exchange-diagnostics":"1; CY4PR21MB0183;\n\t6:bOdQOPPc0IS3EKtamGCMVctiI4QKuM1mutTXqqRpLSNQJtJ0jkp0mBCauBOMtnqHsB1KRWB9qbyxxGZRyMugfuwdkX8H1K+T8A3BeldJwdvxivp4872CrpecSuxORkM/NH4DXN7gFDgjlMS+9pNvntakngjp4uDqxz1HbUaOeXXWuB8WJmuZ6Agc2pJ6sLEBZME6EN18N8fNwActTStI66BUl8G8GZf6IYhB/15OI6bADbEALuHfOABAVDeXuqtxfaq+Agjfm2apRXIHTjW8pE8IHcBZGLtG60EhC3xcS2hODcnFFjnvTTVkZsv/JBKUv+JH7DJHvgGFBtujZVHpDA==;\n\t5:1N0N0dfkPc+qvi3HXpezkJknwK2Bz7GZbcs+G74e5cmi0TS4QxjAT90S0FXMQQqakC6EbysS6BDRykH1OYCxjf+RfCHxnRLZlfc6S4SYiRvjf6F7ni+m1qJZwQp01XhqDGi5wDOhy8aWa/Z++bZeNw==;\n\t24:SfD1tFtIQBDKfpxfxdqi7d9dlBRvIE48Lkf0kxYTHmeQSBc89h8MzB+/Jns+exDUh7pJdi6ZvM1OcegOhfNklzeS0vrJSEHB0uu45bF2ci0=;\n\t7:dTNAiA3f4hReQnz+/iiRQX1+CI51gQyqRx+5Bx3vAL2Hkmqqp6X0RDWnH6GSQpO+KR6xR81J1Q/VEom+61fPVheCdlx8R4Y+8O8pZ13xCJ+VP0VEky2jds8PR6f1gR4NwEfASP39fAihea1NSWwzCyMnHCMumyisEO5t6CKeFaTCfzwKpkCBM6GDZyWXb/RV81JW71h37ENyjbkRO3AabG/+VemdZhT9pYftf7xpdr4=","x-ms-exchange-antispam-srfa-diagnostics":"SSOS;","x-ms-office365-filtering-correlation-id":"9ab2cde2-d1b4-48c6-4c63-08d4f6551963","x-ms-office365-filtering-ht":"Tenant","x-microsoft-antispam":"UriScan:; BCL:0; PCL:0;\n\tRULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603199)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);\n\tSRVR:CY4PR21MB0183; ","x-ms-traffictypediagnostic":"CY4PR21MB0183:","authentication-results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=linux-cifs-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=microsoft.com header.i=@microsoft.com\n\theader.b=\"o5xSG72j\"; dkim-atps=neutral","spf=none (sender IP is )\n\tsmtp.mailfrom=pshilov@microsoft.com; "],"x-exchange-antispam-report-test":"UriScan:(9452136761055);","x-microsoft-antispam-prvs":"<CY4PR21MB0183E73828A7B8F32C11B44AB6950@CY4PR21MB0183.namprd21.prod.outlook.com>","x-exchange-antispam-report-cfa-test":"BCL:0; PCL:0;\n\tRULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(61425038)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(100000703101)(100105400095)(6055026)(61426038)(61427038)(6041248)(20161123558100)(20161123560025)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);\n\tSRVR:CY4PR21MB0183; BCL:0; PCL:0;\n\tRULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);\n\tSRVR:CY4PR21MB0183; ","x-forefront-prvs":"04244E0DC5","x-forefront-antispam-report":"SFV:NSPM;\n\tSFS:(10019020)(6009001)(39860400002)(47760400005)(199003)(189002)(4326008)(9686003)(106356001)(54356999)(76176999)(50986999)(105586002)(33656002)(3280700002)(8936002)(2906002)(3660700001)(6116002)(68736007)(25786009)(102836003)(101416001)(478600001)(81166006)(74316002)(81156014)(10290500003)(966005)(7736002)(97736004)(2950100002)(8676002)(189998001)(305945005)(2900100001)(10090500001)(7696004)(77096006)(8990500004)(53936002)(55016002)(6306002)(6436002)(99286003)(6506006)(14454004)(39060400002)(5660300001)(6246003)(86612001)(86362001)(229853002)(22452003);\n\tDIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0183;\n\tH:CY4PR21MB0135.namprd21.prod.outlook.com; FPR:; SPF:None;\n\tPTR:InfoNoRecords; A:1; MX:1; LANG:en; ","received-spf":"None (protection.outlook.com: microsoft.com does not designate\n\tpermitted sender hosts)","spamdiagnosticoutput":"1:99","spamdiagnosticmetadata":"NSPM","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"quoted-printable","MIME-Version":"1.0","X-OriginatorOrg":"microsoft.com","X-MS-Exchange-CrossTenant-originalarrivaltime":"08 Sep 2017 01:01:12.3423\n\t(UTC)","X-MS-Exchange-CrossTenant-fromentityheader":"Hosted","X-MS-Exchange-CrossTenant-id":"72f988bf-86f1-41af-91ab-2d7cd011db47","X-MS-Exchange-Transport-CrossTenantHeadersStamped":"CY4PR21MB0183","Sender":"linux-cifs-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<linux-cifs.vger.kernel.org>","X-Mailing-List":"linux-cifs@vger.kernel.org"}}]