Skip to content

K
Kernel

openeuler / Kernel
1 年多 前同步成功

通知 8
Star 0
Fork 0
K
Kernel
提交 63649bd7 编写于 作者: C Cyrill Gorcunov 提交者: Trond Myklebust
浏览文件
操作

NFS - fix potential NULL pointer dereference v2 

There is possible NULL pointer dereference if kstr[n]dup failed.
So fix them for safety.
Signed-off-by: NCyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
上级 cd019f75
隐藏空白更改
内联 并排
Showing with 16 addition and 0 deletion
fs/nfs/super.c
浏览文件 @ 63649bd7
...@@ -1297,6 +1297,8 @@ static int nfs_validate_mount_data(void *options, ...@@ -1297,6 +1297,8 @@ static int nfs_validate_mount_data(void *options,
args->namlen = data->namlen; args->namlen = data->namlen;
args->bsize = data->bsize; args->bsize = data->bsize;
args->auth_flavors[0] = data->pseudoflavor; args->auth_flavors[0] = data->pseudoflavor;
if (!args->nfs_server.hostname)
goto out_nomem;
/* /*
* The legacy version 6 binary mount data from userspace has a * The legacy version 6 binary mount data from userspace has a
...@@ -1343,6 +1345,8 @@ static int nfs_validate_mount_data(void *options, ...@@ -1343,6 +1345,8 @@ static int nfs_validate_mount_data(void *options,
len = c - dev_name; len = c - dev_name;
/* N.B. caller will free nfs_server.hostname in all cases */ /* N.B. caller will free nfs_server.hostname in all cases */
args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL); args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
if (!args->nfs_server.hostname)
goto out_nomem;
c++; c++;
if (strlen(c) > NFS_MAXPATHLEN) if (strlen(c) > NFS_MAXPATHLEN)
...@@ -1386,6 +1390,10 @@ static int nfs_validate_mount_data(void *options, ...@@ -1386,6 +1390,10 @@ static int nfs_validate_mount_data(void *options,
return -EPROTONOSUPPORT; return -EPROTONOSUPPORT;
#endif /* !CONFIG_NFS_V3 */ #endif /* !CONFIG_NFS_V3 */
out_nomem:
dfprintk(MOUNT, "NFS: not enough memory to handle mount options\n");
return -ENOMEM;
out_no_address: out_no_address:
dfprintk(MOUNT, "NFS: mount program didn't pass remote address\n"); dfprintk(MOUNT, "NFS: mount program didn't pass remote address\n");
return -EINVAL; return -EINVAL;
...@@ -1892,12 +1900,16 @@ static int nfs4_validate_mount_data(void *options, ...@@ -1892,12 +1900,16 @@ static int nfs4_validate_mount_data(void *options,
return -ENAMETOOLONG; return -ENAMETOOLONG;
/* N.B. caller will free nfs_server.hostname in all cases */ /* N.B. caller will free nfs_server.hostname in all cases */
args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL); args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
if (!args->nfs_server.hostname)
goto out_nomem;
c++; /* step over the ':' */ c++; /* step over the ':' */
len = strlen(c); len = strlen(c);
if (len > NFS4_MAXPATHLEN) if (len > NFS4_MAXPATHLEN)
return -ENAMETOOLONG; return -ENAMETOOLONG;
args->nfs_server.export_path = kstrndup(c, len, GFP_KERNEL); args->nfs_server.export_path = kstrndup(c, len, GFP_KERNEL);
if (!args->nfs_server.export_path)
goto out_nomem;
dprintk("NFS: MNTPATH: '%s'\n", args->nfs_server.export_path); dprintk("NFS: MNTPATH: '%s'\n", args->nfs_server.export_path);
...@@ -1919,6 +1931,10 @@ static int nfs4_validate_mount_data(void *options, ...@@ -1919,6 +1931,10 @@ static int nfs4_validate_mount_data(void *options,
data->auth_flavourlen); data->auth_flavourlen);
return -EINVAL; return -EINVAL;
out_nomem:
dfprintk(MOUNT, "NFS4: not enough memory to handle mount options\n");
return -ENOMEM;
out_no_address: out_no_address:
dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n"); dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n");
return -EINVAL; return -EINVAL;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册