summaryrefslogtreecommitdiffstats
path: root/net/9p
diff options
context:
space:
mode:
authorTomas Bortoli <tomasbortoli@gmail.com>2018-07-27 07:05:58 -0400
committerDominique Martinet <dominique.martinet@cea.fr>2018-08-12 20:34:58 -0400
commit10aa14527f458e9867cf3d2cc6b8cb0f6704448b (patch)
tree528cd65953fc42890ac1e51ff452d148133a2734 /net/9p
parent3111784bee81591ea2815011688d28b65df03627 (diff)
9p: fix multiple NULL-pointer-dereferences
Added checks to prevent GPFs from raising. Link: http://lkml.kernel.org/r/20180727110558.5479-1-tomasbortoli@gmail.com Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com> Reported-by: syzbot+1a262da37d3bead15c39@syzkaller.appspotmail.com Cc: stable@vger.kernel.org Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Diffstat (limited to 'net/9p')
-rw-r--r--net/9p/trans_fd.c5
-rw-r--r--net/9p/trans_rdma.c3
-rw-r--r--net/9p/trans_virtio.c3
-rw-r--r--net/9p/trans_xen.c3
4 files changed, 13 insertions, 1 deletions
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 964260265b13..e2ef3c782c53 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -945,7 +945,7 @@ p9_fd_create_tcp(struct p9_client *client, const char *addr, char *args)
945 if (err < 0) 945 if (err < 0)
946 return err; 946 return err;
947 947
948 if (valid_ipaddr4(addr) < 0) 948 if (addr == NULL || valid_ipaddr4(addr) < 0)
949 return -EINVAL; 949 return -EINVAL;
950 950
951 csocket = NULL; 951 csocket = NULL;
@@ -995,6 +995,9 @@ p9_fd_create_unix(struct p9_client *client, const char *addr, char *args)
995 995
996 csocket = NULL; 996 csocket = NULL;
997 997
998 if (addr == NULL)
999 return -EINVAL;
1000
998 if (strlen(addr) >= UNIX_PATH_MAX) { 1001 if (strlen(addr) >= UNIX_PATH_MAX) {
999 pr_err("%s (%d): address too long: %s\n", 1002 pr_err("%s (%d): address too long: %s\n",
1000 __func__, task_pid_nr(current), addr); 1003 __func__, task_pid_nr(current), addr);
diff --git a/net/9p/trans_rdma.c b/net/9p/trans_rdma.c
index 2649b2ebf961..2ab4574183c9 100644
--- a/net/9p/trans_rdma.c
+++ b/net/9p/trans_rdma.c
@@ -645,6 +645,9 @@ rdma_create_trans(struct p9_client *client, const char *addr, char *args)
645 struct rdma_conn_param conn_param; 645 struct rdma_conn_param conn_param;
646 struct ib_qp_init_attr qp_attr; 646 struct ib_qp_init_attr qp_attr;
647 647
648 if (addr == NULL)
649 return -EINVAL;
650
648 /* Parse the transport specific mount options */ 651 /* Parse the transport specific mount options */
649 err = parse_opts(args, &opts); 652 err = parse_opts(args, &opts);
650 if (err < 0) 653 if (err < 0)
diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
index 06dcd3cc6a29..8ca356eb66bb 100644
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -654,6 +654,9 @@ p9_virtio_create(struct p9_client *client, const char *devname, char *args)
654 int ret = -ENOENT; 654 int ret = -ENOENT;
655 int found = 0; 655 int found = 0;
656 656
657 if (devname == NULL)
658 return -EINVAL;
659
657 mutex_lock(&virtio_9p_lock); 660 mutex_lock(&virtio_9p_lock);
658 list_for_each_entry(chan, &virtio_chan_list, chan_list) { 661 list_for_each_entry(chan, &virtio_chan_list, chan_list) {
659 if (!strncmp(devname, chan->tag, chan->tag_len) && 662 if (!strncmp(devname, chan->tag, chan->tag_len) &&
diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c
index 2e2b8bca54f3..c2d54ac76bfd 100644
--- a/net/9p/trans_xen.c
+++ b/net/9p/trans_xen.c
@@ -94,6 +94,9 @@ static int p9_xen_create(struct p9_client *client, const char *addr, char *args)
94{ 94{
95 struct xen_9pfs_front_priv *priv; 95 struct xen_9pfs_front_priv *priv;
96 96
97 if (addr == NULL)
98 return -EINVAL;
99
97 read_lock(&xen_9pfs_lock); 100 read_lock(&xen_9pfs_lock);
98 list_for_each_entry(priv, &xen_9pfs_devs, list) { 101 list_for_each_entry(priv, &xen_9pfs_devs, list) {
99 if (!strcmp(priv->tag, addr)) { 102 if (!strcmp(priv->tag, addr)) {
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-04 07:57:55 -0500