提交 f1ebe48d 编写于 作者: S Shyam Prasad N 提交者: Steve French

cifs: If a corrupted DACL is returned by the server, bail out.

Static code analysis reported a possible null pointer dereference
in my last commit:
cifs: Retain old ACEs when converting between mode bits and ACL.

This could happen if the DACL returned by the server is corrupted.
We were trying to continue by assuming that the file has empty DACL.
We should bail out with an error instead.
Signed-off-by: NShyam Prasad N <sprasad@microsoft.com>
Reported-by: NColin Ian King <colin.king@canonical.com>
Reviewed-by: NRohith Surabattula <rohiths@microsoft.com>
Signed-off-by: NSteve French <stfrench@microsoft.com>
上级 f1a08655
无相关合并请求
......@@ -1275,8 +1275,8 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
if (dacloffset) {
dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);
if (end_of_acl < (char *)dacl_ptr + le16_to_cpu(dacl_ptr->size)) {
cifs_dbg(VFS, "Existing ACL size is wrong. Discarding old ACL\n");
dacl_ptr = NULL;
cifs_dbg(VFS, "Server returned illegal ACL size\n");
return -EINVAL;
}
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册
反馈
建议
客服 返回
顶部