[PATCH] fs: kernfs: fix possible null pointer dereferences

From: youngjun
Date: Thu Apr 30 2020 - 07:20:58 EST


kernfs_path_from_node_locked() checks whether buf is NULL,
but the two cases below are reached before that check and are not covered by it.

if(!kn_to) <--- case1 (buf can be NULL)
return strlcpy(buf, "(null)", buflen);

if(kn_from == kn_to) <--- case2 (buf can be NULL)
return strlcpy(buf, "/", buflen);

if (!buf) <--- checked here.
return -EINVAL;

buf NULL case needs to be checked first.

Signed-off-by: youngjun <her0gyugyu@xxxxxxxxx>
---
fs/kernfs/dir.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
index 02fb5cc76e33..d802cfceddba 100644
--- a/fs/kernfs/dir.c
+++ b/fs/kernfs/dir.c
@@ -128,6 +128,9 @@ static int kernfs_path_from_node_locked(struct kernfs_node *kn_to,
size_t depth_from, depth_to, len = 0;
int i, j;

+ if (!buf)
+ return -EINVAL;
+
if (!kn_to)
return strlcpy(buf, "(null)", buflen);
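Review bot: The new `if (!buf)` guard at the top of kernfs_path_from_node_locked() carries no comment saying why it must precede the `!kn_to` and `kn_from == kn_to` early returns, so a later reordering could quietly reintroduce the unchecked strlcpy() calls; I would add `/* every return path below writes to buf, including the early ones */` above it. The move also changes the result for a caller that passes a NULL buf with buflen 0 on those two paths: that used to reach strlcpy(), which presumably writes nothing for a zero size, and now returns -EINVAL, so it is worth confirming that no caller probes the path length that way. The function's header comment and the rest of its body are outside the hunk; if the header lists return values, the -EINVAL result for a NULL buf belongs there.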

@@ -137,9 +140,6 @@ static int kernfs_path_from_node_locked(struct kernfs_node *kn_to,
if (kn_from == kn_to)
return strlcpy(buf, "/", buflen);

- if (!buf)
- return -EINVAL;
-
common = kernfs_common_ancestor(kn_from, kn_to);
if (WARN_ON(!common))
return -EINVAL;
--
2.17.1