mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
47 lines
1.6 KiB
Diff
47 lines
1.6 KiB
Diff
From: Andreas Gruenbacher <agruen@suse.de>
|
|
Subject: nfs NULL nameidata check?
|
|
|
|
nfs_lookup() checks for NULL nameidata in one place, but not in another. In
|
|
nfs_sillyrename() it calls lookup_one_len() -> __lookup_hash(), which passes
|
|
in a NULL nameidata to nfs_lookup(). Unless I'm overlooking something,
|
|
fs/nfs/dir.c:923 will dereference this NULL pointer if the sillyrenamed file
|
|
exists?
|
|
|
|
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
|
|
|
|
---
|
|
fs/nfs/dir.c | 12 ++++++------
|
|
1 file changed, 6 insertions(+), 6 deletions(-)
|
|
|
|
--- a/fs/nfs/dir.c
|
|
+++ b/fs/nfs/dir.c
|
|
@@ -880,15 +880,15 @@ int nfs_is_exclusive_create(struct inode
|
|
return (nd->intent.open.flags & O_EXCL) != 0;
|
|
}
|
|
|
|
-static inline int nfs_reval_fsid(struct vfsmount *mnt, struct inode *dir,
|
|
+static inline int nfs_reval_fsid(struct nameidata *nd, struct inode *dir,
|
|
struct nfs_fh *fh, struct nfs_fattr *fattr)
|
|
{
|
|
struct nfs_server *server = NFS_SERVER(dir);
|
|
|
|
- if (!nfs_fsid_equal(&server->fsid, &fattr->fsid))
|
|
- /* Revalidate fsid on root dir */
|
|
- return __nfs_revalidate_inode(server, mnt->mnt_root->d_inode);
|
|
- return 0;
|
|
+ if (nd == NULL || nfs_fsid_equal(&server->fsid, &fattr->fsid))
|
|
+ return 0;
|
|
+ /* Revalidate fsid on root dir */
|
|
+ return __nfs_revalidate_inode(server, nd->mnt->mnt_root->d_inode);
|
|
}
|
|
|
|
static struct dentry *nfs_lookup(struct inode *dir, struct dentry * dentry, struct nameidata *nd)
|
|
@@ -929,7 +929,7 @@ static struct dentry *nfs_lookup(struct
|
|
res = ERR_PTR(error);
|
|
goto out_unlock;
|
|
}
|
|
- error = nfs_reval_fsid(nd->mnt, dir, &fhandle, &fattr);
|
|
+ error = nfs_reval_fsid(nd, dir, &fhandle, &fattr);
|
|
if (error < 0) {
|
|
res = ERR_PTR(error);
|
|
goto out_unlock;
|