diff options
author | Cyrill Gorcunov <gorcunov@gmail.com> | 2008-04-17 12:42:09 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2008-04-19 16:55:22 -0400 |
commit | 63649bd7080a6a50fabcb1935f4b7c4e64155066 (patch) | |
tree | 84e398f5d3f191526dd511c112391befbd46dfda | |
parent | cd019f7517206a74d8cdb64d5c82b1f76be608cc (diff) |
NFS - fix potential NULL pointer dereference v2
There is possible NULL pointer dereference if kstr[n]dup failed.
So fix them for safety.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-rw-r--r-- | fs/nfs/super.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/fs/nfs/super.c b/fs/nfs/super.c index c99ca1f992ce..2215bcd24bd2 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c | |||
@@ -1297,6 +1297,8 @@ static int nfs_validate_mount_data(void *options, | |||
1297 | args->namlen = data->namlen; | 1297 | args->namlen = data->namlen; |
1298 | args->bsize = data->bsize; | 1298 | args->bsize = data->bsize; |
1299 | args->auth_flavors[0] = data->pseudoflavor; | 1299 | args->auth_flavors[0] = data->pseudoflavor; |
1300 | if (!args->nfs_server.hostname) | ||
1301 | goto out_nomem; | ||
1300 | 1302 | ||
1301 | /* | 1303 | /* |
1302 | * The legacy version 6 binary mount data from userspace has a | 1304 | * The legacy version 6 binary mount data from userspace has a |
@@ -1343,6 +1345,8 @@ static int nfs_validate_mount_data(void *options, | |||
1343 | len = c - dev_name; | 1345 | len = c - dev_name; |
1344 | /* N.B. caller will free nfs_server.hostname in all cases */ | 1346 | /* N.B. caller will free nfs_server.hostname in all cases */ |
1345 | args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL); | 1347 | args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL); |
1348 | if (!args->nfs_server.hostname) | ||
1349 | goto out_nomem; | ||
1346 | 1350 | ||
1347 | c++; | 1351 | c++; |
1348 | if (strlen(c) > NFS_MAXPATHLEN) | 1352 | if (strlen(c) > NFS_MAXPATHLEN) |
@@ -1386,6 +1390,10 @@ out_v3_not_compiled: | |||
1386 | return -EPROTONOSUPPORT; | 1390 | return -EPROTONOSUPPORT; |
1387 | #endif /* !CONFIG_NFS_V3 */ | 1391 | #endif /* !CONFIG_NFS_V3 */ |
1388 | 1392 | ||
1393 | out_nomem: | ||
1394 | dfprintk(MOUNT, "NFS: not enough memory to handle mount options\n"); | ||
1395 | return -ENOMEM; | ||
1396 | |||
1389 | out_no_address: | 1397 | out_no_address: |
1390 | dfprintk(MOUNT, "NFS: mount program didn't pass remote address\n"); | 1398 | dfprintk(MOUNT, "NFS: mount program didn't pass remote address\n"); |
1391 | return -EINVAL; | 1399 | return -EINVAL; |
@@ -1892,12 +1900,16 @@ static int nfs4_validate_mount_data(void *options, | |||
1892 | return -ENAMETOOLONG; | 1900 | return -ENAMETOOLONG; |
1893 | /* N.B. caller will free nfs_server.hostname in all cases */ | 1901 | /* N.B. caller will free nfs_server.hostname in all cases */ |
1894 | args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL); | 1902 | args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL); |
1903 | if (!args->nfs_server.hostname) | ||
1904 | goto out_nomem; | ||
1895 | 1905 | ||
1896 | c++; /* step over the ':' */ | 1906 | c++; /* step over the ':' */ |
1897 | len = strlen(c); | 1907 | len = strlen(c); |
1898 | if (len > NFS4_MAXPATHLEN) | 1908 | if (len > NFS4_MAXPATHLEN) |
1899 | return -ENAMETOOLONG; | 1909 | return -ENAMETOOLONG; |
1900 | args->nfs_server.export_path = kstrndup(c, len, GFP_KERNEL); | 1910 | args->nfs_server.export_path = kstrndup(c, len, GFP_KERNEL); |
1911 | if (!args->nfs_server.export_path) | ||
1912 | goto out_nomem; | ||
1901 | 1913 | ||
1902 | dprintk("NFS: MNTPATH: '%s'\n", args->nfs_server.export_path); | 1914 | dprintk("NFS: MNTPATH: '%s'\n", args->nfs_server.export_path); |
1903 | 1915 | ||
@@ -1919,6 +1931,10 @@ out_inval_auth: | |||
1919 | data->auth_flavourlen); | 1931 | data->auth_flavourlen); |
1920 | return -EINVAL; | 1932 | return -EINVAL; |
1921 | 1933 | ||
1934 | out_nomem: | ||
1935 | dfprintk(MOUNT, "NFS4: not enough memory to handle mount options\n"); | ||
1936 | return -ENOMEM; | ||
1937 | |||
1922 | out_no_address: | 1938 | out_no_address: |
1923 | dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n"); | 1939 | dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n"); |
1924 | return -EINVAL; | 1940 | return -EINVAL; |