authorShyam Prasad N <[email protected]>2021-02-24 15:04:02 +0000
committerSteve French <[email protected]>2021-02-24 11:41:43 -0600
commitf1ebe48dd3490adeff63b2d86ac7567aa018bd5d (patch)
tree9e8d525a14e86978e22059ea5e2f3c5bf55458c5
parentf1a08655cc4f6f2233448e11e2499321728f0849 (diff)
cifs: If a corrupted DACL is returned by the server, bail out.
Static code analysis reported a possible null pointer dereference in my last commit: cifs: Retain old ACEs when converting between mode bits and ACL. This could happen if the DACL returned by the server is corrupted. We were trying to continue by assuming that the file has an empty DACL. We should bail out with an error instead. Signed-off-by: Shyam Prasad N <[email protected]> Reported-by: Colin Ian King <[email protected]> Reviewed-by: Rohith Surabattula <[email protected]> Signed-off-by: Steve French <[email protected]>
-rw-r--r--fs/cifs/cifsacl.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index 0806ae784061..9d29eb9660c2 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -1275,8 +1275,8 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
if (dacloffset) {
dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);
if (end_of_acl < (char *)dacl_ptr + le16_to_cpu(dacl_ptr->size)) {
- cifs_dbg(VFS, "Existing ACL size is wrong. Discarding old ACL\n");
- dacl_ptr = NULL;
+ cifs_dbg(VFS, "Server returned illegal ACL size\n");
+ return -EINVAL;
}
}
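Review bot: The size check reads `dacl_ptr->size` before anything in this hunk establishes that the ACL header at `pntsd + dacloffset` lies inside the buffer, so a `dacloffset` at or beyond `end_of_acl` would make the validation itself read out of bounds. Assuming `dacloffset` is taken from the server's descriptor (its assignment is outside the hunk), add a guard ahead of the existing test, e.g. `if (end_of_acl < (char *)dacl_ptr + sizeof(struct cifs_acl)) return -EINVAL;`. A `size` smaller than `sizeof(struct cifs_acl)` also passes the current comparison and is worth rejecting in the same place. build_sec_desc starts and continues outside the hunk, so confirm that nothing acquired earlier in the function needs releasing on the new early return.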