smb: client: fix potential NULL deref in parse_dfs_referrals()
stable inclusion from stable-v6.6.7 commit 5ac34ba42e9aba7fc82997f778802b954efced33 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8SSQ4 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5ac34ba42e9aba7fc82997f778802b954efced33 -------------------------------- commit 92414333eb375ed64f4ae92d34d579e826936480 upstream. If server returned no data for FSCTL_DFS_GET_REFERRALS, @dfs_rsp will remain NULL and then parse_dfs_referrals() will dereference it. Fix this by returning -EIO when no output data is returned. Besides, we can't fix it in SMB2_ioctl() as some FSCTLs are allowed to return no data as per MS-SMB2 2.2.32. Fixes: 9d49640a ("CIFS: implement get_dfs_refer for SMB2+") Cc: stable@vger.kernel.org Reported-by:Robert Morris <rtm@csail.mit.edu> Signed-off-by:
Loading
Please sign in to comment