From patchwork Thu Apr 24 08:49:05 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luis Henriques X-Patchwork-Id: 342218 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id 20F3C1400A7; Thu, 24 Apr 2014 18:54:55 +1000 (EST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1WdFQh-0003MT-Ht; Thu, 24 Apr 2014 08:54:51 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1WdFOH-00027S-Gw for kernel-team@lists.ubuntu.com; Thu, 24 Apr 2014 08:52:21 +0000 Received: from bl15-145-16.dsl.telepac.pt ([188.80.145.16] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1WdFOH-0004qE-9x; Thu, 24 Apr 2014 08:52:21 +0000 From: Luis Henriques To: linux-kernel@vger.kernel.org, stable@vger.kernel.org, kernel-team@lists.ubuntu.com Subject: [PATCH 3.11 020/182] fs: NULL dereference in posix_acl_to_xattr() Date: Thu, 24 Apr 2014 09:49:05 +0100 Message-Id: <1398329507-5911-21-git-send-email-luis.henriques@canonical.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1398329507-5911-1-git-send-email-luis.henriques@canonical.com> References: <1398329507-5911-1-git-send-email-luis.henriques@canonical.com> X-Extended-Stable: 3.11 Cc: Steven Whitehouse , Dan Carpenter X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com 3.11.10.9 -stable review patch. If anyone has any objections, please let me know. ------------------ From: Dan Carpenter commit 47ba9734403770a4c5e685b01f0a72b835dd4fff upstream. This patch moves the dereference of "buffer" after the check for NULL. The only place which passes a NULL parameter is gfs2_set_acl(). Signed-off-by: Dan Carpenter Signed-off-by: Steven Whitehouse [ luis: backported to 3.11: - posix_acl_to_xattr() is defined in xattr_acl.c, not in posix_acl.c ] Signed-off-by: Luis Henriques --- fs/xattr_acl.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/xattr_acl.c b/fs/xattr_acl.c index 9fbea87..cd1147c 100644 --- a/fs/xattr_acl.c +++ b/fs/xattr_acl.c @@ -146,7 +146,7 @@ posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl, void *buffer, size_t size) { posix_acl_xattr_header *ext_acl = (posix_acl_xattr_header *)buffer; - posix_acl_xattr_entry *ext_entry = ext_acl->a_entries; + posix_acl_xattr_entry *ext_entry; int real_size, n; real_size = posix_acl_xattr_size(acl->a_count); @@ -154,7 +154,8 @@ posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl, return real_size; if (real_size > size) return -ERANGE; - + + ext_entry = ext_acl->a_entries; ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION); for (n=0; n < acl->a_count; n++, ext_entry++) {