From: Aurélien Aptel Date: Wed, 11 Oct 2017 11:23:36 +0000 (+0200) Subject: CIFS: Fix NULL pointer deref on SMB2_tcon() failure X-Git-Tag: v4.14-rc7~8^2~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=db3b5474f462e77b82ca1e27627f03c47b622c99;p=platform%2Fkernel%2Flinux-exynos.git CIFS: Fix NULL pointer deref on SMB2_tcon() failure If SendReceive2() fails rsp is set to NULL but is dereferenced in the error handling code. Cc: stable@vger.kernel.org Signed-off-by: Aurelien Aptel Reviewed-by: Pavel Shilovsky Signed-off-by: Steve French --- diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index fa17caa..3efcd96 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1255,7 +1255,7 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, struct smb2_tree_connect_req *req; struct smb2_tree_connect_rsp *rsp = NULL; struct kvec iov[2]; - struct kvec rsp_iov; + struct kvec rsp_iov = { NULL, 0 }; int rc = 0; int resp_buftype; int unc_path_len; @@ -1372,7 +1372,7 @@ tcon_exit: return rc; tcon_error_exit: - if (rsp->hdr.sync_hdr.Status == STATUS_BAD_NETWORK_NAME) { + if (rsp && rsp->hdr.sync_hdr.Status == STATUS_BAD_NETWORK_NAME) { cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree); } goto tcon_exit;