aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCyrill Gorcunov <gorcunov@gmail.com>2008-04-17 12:42:09 -0400
committerTrond Myklebust <Trond.Myklebust@netapp.com>2008-04-19 16:55:22 -0400
commit63649bd7080a6a50fabcb1935f4b7c4e64155066 (patch)
tree84e398f5d3f191526dd511c112391befbd46dfda
parentcd019f7517206a74d8cdb64d5c82b1f76be608cc (diff)
NFS - fix potential NULL pointer dereference v2
There is possible NULL pointer dereference if kstr[n]dup failed. So fix them for safety. Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-rw-r--r--fs/nfs/super.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index c99ca1f992ce..2215bcd24bd2 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -1297,6 +1297,8 @@ static int nfs_validate_mount_data(void *options,
1297 args->namlen = data->namlen; 1297 args->namlen = data->namlen;
1298 args->bsize = data->bsize; 1298 args->bsize = data->bsize;
1299 args->auth_flavors[0] = data->pseudoflavor; 1299 args->auth_flavors[0] = data->pseudoflavor;
1300 if (!args->nfs_server.hostname)
1301 goto out_nomem;
1300 1302
1301 /* 1303 /*
1302 * The legacy version 6 binary mount data from userspace has a 1304 * The legacy version 6 binary mount data from userspace has a
@@ -1343,6 +1345,8 @@ static int nfs_validate_mount_data(void *options,
1343 len = c - dev_name; 1345 len = c - dev_name;
1344 /* N.B. caller will free nfs_server.hostname in all cases */ 1346 /* N.B. caller will free nfs_server.hostname in all cases */
1345 args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL); 1347 args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
1348 if (!args->nfs_server.hostname)
1349 goto out_nomem;
1346 1350
1347 c++; 1351 c++;
1348 if (strlen(c) > NFS_MAXPATHLEN) 1352 if (strlen(c) > NFS_MAXPATHLEN)
@@ -1386,6 +1390,10 @@ out_v3_not_compiled:
1386 return -EPROTONOSUPPORT; 1390 return -EPROTONOSUPPORT;
1387#endif /* !CONFIG_NFS_V3 */ 1391#endif /* !CONFIG_NFS_V3 */
1388 1392
1393out_nomem:
1394 dfprintk(MOUNT, "NFS: not enough memory to handle mount options\n");
1395 return -ENOMEM;
1396
1389out_no_address: 1397out_no_address:
1390 dfprintk(MOUNT, "NFS: mount program didn't pass remote address\n"); 1398 dfprintk(MOUNT, "NFS: mount program didn't pass remote address\n");
1391 return -EINVAL; 1399 return -EINVAL;
@@ -1892,12 +1900,16 @@ static int nfs4_validate_mount_data(void *options,
1892 return -ENAMETOOLONG; 1900 return -ENAMETOOLONG;
1893 /* N.B. caller will free nfs_server.hostname in all cases */ 1901 /* N.B. caller will free nfs_server.hostname in all cases */
1894 args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL); 1902 args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
1903 if (!args->nfs_server.hostname)
1904 goto out_nomem;
1895 1905
1896 c++; /* step over the ':' */ 1906 c++; /* step over the ':' */
1897 len = strlen(c); 1907 len = strlen(c);
1898 if (len > NFS4_MAXPATHLEN) 1908 if (len > NFS4_MAXPATHLEN)
1899 return -ENAMETOOLONG; 1909 return -ENAMETOOLONG;
1900 args->nfs_server.export_path = kstrndup(c, len, GFP_KERNEL); 1910 args->nfs_server.export_path = kstrndup(c, len, GFP_KERNEL);
1911 if (!args->nfs_server.export_path)
1912 goto out_nomem;
1901 1913
1902 dprintk("NFS: MNTPATH: '%s'\n", args->nfs_server.export_path); 1914 dprintk("NFS: MNTPATH: '%s'\n", args->nfs_server.export_path);
1903 1915
@@ -1919,6 +1931,10 @@ out_inval_auth:
1919 data->auth_flavourlen); 1931 data->auth_flavourlen);
1920 return -EINVAL; 1932 return -EINVAL;
1921 1933
1934out_nomem:
1935 dfprintk(MOUNT, "NFS4: not enough memory to handle mount options\n");
1936 return -ENOMEM;
1937
1922out_no_address: 1938out_no_address:
1923 dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n"); 1939 dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n");
1924 return -EINVAL; 1940 return -EINVAL;