evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/fs/cifs
History
Yao Liu 8f983d2cbf cifs: Fix NULL pointer dereference of devname 
[ Upstream commit 68e2672f8fbd1e04982b8d2798dd318bf2515dd2 ]

There is a NULL pointer dereference of devname in strspn()

The oops looks something like:

  CIFS: Attempting to mount (null)
  BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
  ...
  RIP: 0010:strspn+0x0/0x50
  ...
  Call Trace:
   ? cifs_parse_mount_options+0x222/0x1710 [cifs]
   ? cifs_get_volume_info+0x2f/0x80 [cifs]
   cifs_setup_volume_info+0x20/0x190 [cifs]
   cifs_get_volume_info+0x50/0x80 [cifs]
   cifs_smb3_do_mount+0x59/0x630 [cifs]
   ? ida_alloc_range+0x34b/0x3d0
   cifs_do_mount+0x11/0x20 [cifs]
   mount_fs+0x52/0x170
   vfs_kern_mount+0x6b/0x170
   do_mount+0x216/0xdc0
   ksys_mount+0x83/0xd0
   __x64_sys_mount+0x25/0x30
   do_syscall_64+0x65/0x220
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fix this by adding a NULL check on devname in cifs_parse_devname()

Signed-off-by: Yao Liu <yotta.liu@ucloud.cn>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-04-27 09:33:49 +02:00
..
asn1.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
cache.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
cifs_debug.c smb3: allow stats which track session and share reconnects to be reset 2018-11-21 09:27:35 +01:00
cifs_debug.h lib: update single-char callers of strtobool() 2016-10-28 03:01:30 -04:00
cifs_dfs_ref.c cifs: use correct format characters 2019-04-27 09:33:49 +02:00
cifs_fs_sb.h fs/cifs: make share unaccessible at root level mountable 2016-08-20 18:09:20 +02:00
cifs_ioctl.h Add way to query server fs info for smb3 2015-08-20 10:19:25 -05:00
cifs_spnego.c smb3: on kerberos mount if server doesn't specify auth type use krb5 2018-11-21 09:27:35 +01:00
cifs_spnego.h
cifs_unicode.c fs/cifs: don't translate SFM_SLASH (U+F026) to backslash 2018-10-10 08:52:11 +02:00
cifs_unicode.h CIFS: add misssing SFM mapping for doublequote 2017-05-20 14:27:01 +02:00
cifs_uniupr.h
cifsacl.c KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
cifsacl.h cifs: fix SID binary to string conversion 2012-12-11 11:48:49 -06:00
cifsencrypt.c CIFS: zero sensitive data when freeing 2018-02-16 20:09:39 +01:00
cifsfs.c SMB3: GUIDs should be constructed as random but valid uuids 2016-10-28 03:01:32 -04:00
cifsfs.h Fix cifs_uniqueid_to_ino_t() function for s390x 2016-03-09 15:34:50 -08:00
cifsglob.h CIFS: Reconnect expired SMB sessions 2017-10-18 09:20:40 +02:00
cifspdu.h Add way to query server fs info for smb3 2015-08-20 10:19:25 -05:00
cifsproto.h CIFS: Fix a possible memory corruption during reconnect 2017-01-06 11:16:15 +01:00
cifssmb.c fs/cifs: suppress a string overflow warning 2018-10-10 08:52:12 +02:00
connect.c cifs: Fix NULL pointer dereference of devname 2019-04-27 09:33:49 +02:00
dir.c cifs: Fix separator when building path from dentry 2018-12-13 09:21:36 +01:00
dns_resolve.c cifs: fix composing of mount options for DFS referrals 2013-05-24 13:08:31 -05:00
dns_resolve.h
export.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
file.c CIFS: fix POSIX lock leak and invalid ptr deref 2019-04-27 09:33:47 +02:00
fscache.c NFS client updates for Linux 3.13 2013-11-08 05:57:46 +09:00
fscache.h CIFS: FS-Cache: Uncache unread pages in cifs_readpages() before freeing them 2013-09-18 10:17:03 -05:00
inode.c smb3: do not attempt cifs operation in smb3 query info error path 2018-11-21 09:27:35 +01:00
ioctl.c cifs: fix CIFS_IOC_GET_MNT_INFO oops 2017-05-20 14:27:01 +02:00
Kconfig Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" 2019-02-20 10:13:20 +01:00
link.c smb3: don't request leases in symlink creation and query 2018-09-05 09:18:37 +02:00
Makefile cifs: add new case-insensitive conversion routines that are based on wchar_t's 2013-09-08 14:38:05 -05:00
misc.c cifs: read overflow in is_valid_oplock_break() 2018-10-10 08:52:12 +02:00
netmisc.c cifs: small underflow in cnvrtDosUnixTm() 2018-03-24 10:58:46 +01:00
nterr.c CIFS: Rename 7 error codes to NT_ style 2012-07-24 10:25:10 -05:00
nterr.h CIFS: Rename 7 error codes to NT_ style 2012-07-24 10:25:10 -05:00
ntlmssp.h cifs: dynamic allocation of ntlmssp blob 2016-07-27 09:47:39 -07:00
readdir.c cifs: check ntwrk_buf_start for NULL before dereferencing it 2019-02-20 10:13:13 +01:00
rfc1002pdu.h
sess.c cifs: check kmalloc before use 2018-09-05 09:18:37 +02:00
smb1ops.c cifs: use correct format characters 2019-04-27 09:33:49 +02:00
smb2file.c cifs: Limit memory used by lock request calls to a page 2019-02-20 10:13:21 +01:00
smb2glob.h cifs: Limit the overall credit acquired 2016-10-28 03:01:32 -04:00
smb2inode.c smb3: Do not send SMB3 SET_INFO if nothing changed 2018-09-05 09:18:37 +02:00
smb2maperror.c CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem 2019-01-13 10:05:31 +01:00
smb2misc.c cifs: check if SMB2 PDU size has been padded and suppress the warning 2018-09-15 09:40:37 +02:00
smb2ops.c CIFS: Fix possible hang during async MTU reads and writes 2019-02-06 19:43:04 +01:00
smb2pdu.c CIFS: Do not count -ENODATA as failure for query directory 2019-02-06 19:43:06 +01:00
smb2pdu.h cifs: fix computation for MAX_SMB2_HDR_SIZE 2019-03-23 08:44:26 +01:00
smb2proto.h Handle mismatched open calls 2017-05-08 07:46:01 +02:00
smb2status.h CIFS: Add SMB2 status codes 2012-07-24 10:25:13 -05:00
smb2transport.c Handle mismatched open calls 2017-05-08 07:46:01 +02:00
smbencrypt.c cifs: use memzero_explicit to clear stack buffer 2015-01-19 15:32:13 -06:00
smberr.h
smbfsctl.h [SMB3] Send durable handle v2 contexts when use of persistent handles required 2015-11-03 09:26:27 -06:00
transport.c CIFS: Do not hide EINTR after sending network packets 2019-01-16 22:16:10 +01:00
winucase.c [CIFS] quiet sparse compile warning 2013-09-08 14:54:24 -05:00
xattr.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00