{"id":811275,"url":"http://patchwork.ozlabs.org/api/patches/811275/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20170908003735.14789-1-lsahlber@redhat.com/","project":{"id":12,"url":"http://patchwork.ozlabs.org/api/projects/12/?format=json","name":"Linux CIFS Client","link_name":"linux-cifs-client","list_id":"linux-cifs.vger.kernel.org","list_email":"linux-cifs@vger.kernel.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170908003735.14789-1-lsahlber@redhat.com>","list_archive_url":null,"date":"2017-09-08T00:37:35","name":"cifs: check rsp for NULL before dereferencing in SMB2_open","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"2acdfb9ac26d2efba178cb8ce17d54ece6980e1a","submitter":{"id":72324,"url":"http://patchwork.ozlabs.org/api/people/72324/?format=json","name":"Ronnie Sahlberg","email":"lsahlber@redhat.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20170908003735.14789-1-lsahlber@redhat.com/mbox/","series":[{"id":2080,"url":"http://patchwork.ozlabs.org/api/series/2080/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-cifs-client/list/?series=2080","date":"2017-09-08T00:37:35","name":"cifs: check rsp for NULL before dereferencing in SMB2_open","version":1,"mbox":"http://patchwork.ozlabs.org/series/2080/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/811275/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/811275/checks/","tags":{},"related":[],"headers":{"Return-Path":"<linux-cifs-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; 
helo=vger.kernel.org;\n\tenvelope-from=linux-cifs-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ext-mx03.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx03.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=lsahlber@redhat.com"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xpJM31xCpz9sBZ\n\tfor <incoming@patchwork.ozlabs.org>;\n\tFri,  8 Sep 2017 10:37:51 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752549AbdIHAhu (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tThu, 7 Sep 2017 20:37:50 -0400","from mx1.redhat.com ([209.132.183.28]:40502 \"EHLO mx1.redhat.com\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1751774AbdIHAht (ORCPT <rfc822;linux-cifs@vger.kernel.org>);\n\tThu, 7 Sep 2017 20:37:49 -0400","from smtp.corp.redhat.com\n\t(int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 6CD6083F45;\n\tFri,  8 Sep 2017 00:37:49 +0000 (UTC)","from test1190.test.redhat.com (vpn2-54-84.bne.redhat.com\n\t[10.64.54.84])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 37E905D6A4;\n\tFri,  8 Sep 2017 00:37:47 +0000 (UTC)"],"DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com 6CD6083F45","From":"Ronnie Sahlberg <lsahlber@redhat.com>","To":"linux-cifs <linux-cifs@vger.kernel.org>","Cc":"Steve French <smfrench@gmail.com>, Ronnie Sahlberg <lsahlber@redhat.com>","Subject":"[PATCH] cifs: check rsp for NULL before dereferencing in SMB2_open","Date":"Fri,  8 Sep 2017 10:37:35 +1000","Message-Id":"<20170908003735.14789-1-lsahlber@redhat.com>","X-Scanned-By":"MIMEDefang 2.79 on 10.5.11.15","X-Greylist":"Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.27]);\n\tFri, 08 Sep 2017 00:37:49 +0000 
(UTC)","Sender":"linux-cifs-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<linux-cifs.vger.kernel.org>","X-Mailing-List":"linux-cifs@vger.kernel.org"},"content":"In SMB2_open there are several paths where the SendReceive2\ncall will return an error before it sets rsp_iov.iov_base\nthus leaving iov_base uninitialized.\n\nThus we need to check rsp before we dereference it in\nthe call to get_rfc1002_length().\n\nA report of this issue was previously reported in\nhttp://www.spinics.net/lists/linux-cifs/msg12846.html\n\nRH-bugzilla : 1476151\n\nVersion 2 :\n* Lets properly initialize rsp_iov before we use it.\n\nSigned-off-by: Ronnie Sahlberg <lsahlber@redhat.com>\n---\n fs/cifs/smb2pdu.c | 4 ++--\n 1 file changed, 2 insertions(+), 2 deletions(-)","diff":"diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c\nindex 97edb4d376cd..6e7d145d8b2f 100644\n--- a/fs/cifs/smb2pdu.c\n+++ b/fs/cifs/smb2pdu.c\n@@ -1617,7 +1617,7 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,\n \tstruct cifs_tcon *tcon = oparms->tcon;\n \tstruct cifs_ses *ses = tcon->ses;\n \tstruct kvec iov[4];\n-\tstruct kvec rsp_iov;\n+\tstruct kvec rsp_iov = {NULL, 0};\n \tint resp_buftype;\n \tint uni_path_len;\n \t__le16 *copy_path = NULL;\n@@ -1746,7 +1746,7 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,\n \n \tif (rc != 0) {\n \t\tcifs_stats_fail_inc(tcon, SMB2_CREATE_HE);\n-\t\tif (err_buf)\n+\t\tif (err_buf && rsp)\n \t\t\t*err_buf = kmemdup(rsp, get_rfc1002_length(rsp) + 4,\n \t\t\t\t\t   GFP_KERNEL);\n \t\tgoto creat_exit;\n","prefixes":[]}
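Review bot: In the first hunk (declarations at the top of SMB2_open), the positional initializer `struct kvec rsp_iov = {NULL, 0};` depends on the member order of struct kvec. A designated initializer such as `{ .iov_base = NULL, .iov_len = 0 }` states which fields are being cleared and stays correct if the struct layout ever changes. The commit message also marks this as "Version 2", but the subject line carries no v2 tag, which makes the revision hard to track on the list.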
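Review bot: In the second hunk (the `rc != 0` branch), when `rsp` is NULL the new condition `if (err_buf && rsp)` skips the assignment entirely, so `*err_buf` keeps whatever value the caller passed in. Unless every caller initializes its buffer pointer to NULL before calling SMB2_open, a caller that inspects or frees `*err_buf` after a failure could act on a stale pointer. Consider setting `*err_buf = NULL` explicitly on this path, or documenting the pre-initialization requirement. The result of `kmemdup(..., GFP_KERNEL)` can also be NULL on allocation failure, so callers need to tolerate a NULL `*err_buf` in either case.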