From: Marios Makassikis <mmakassikis@freebox.fr>
Date: Thu, 15 Apr 2021 01:24:56 +0000 (+0900)
Subject: cifsd: Fix potential null-ptr-deref in smb2_open()
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=e6b1059ffaeac794bf1a76fd35947c7c6ac4cb57;p=linux.git

cifsd: Fix potential null-ptr-deref in smb2_open()

Fix potential null-ptr-deref in smb2_open().

Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
---

diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c
index 1ff0b20ff7b82..ba552b8f2127d 100644
--- a/fs/cifsd/smb2pdu.c
+++ b/fs/cifsd/smb2pdu.c
@@ -2918,13 +2918,16 @@ int smb2_open(struct ksmbd_work *work)
 					fattr.cf_gid = inode->i_gid;
 					fattr.cf_mode = inode->i_mode;
 					fattr.cf_dacls = NULL;
+					ace_num = 0;
 
 					fattr.cf_acls = ksmbd_vfs_get_acl(inode, ACL_TYPE_ACCESS);
-					ace_num = fattr.cf_acls->a_count;
+					if (fattr.cf_acls)
+						ace_num = fattr.cf_acls->a_count;
 					if (S_ISDIR(inode->i_mode)) {
 						fattr.cf_dacls =
 							ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT);
-						ace_num += fattr.cf_dacls->a_count;
+						if (fattr.cf_dacls)
+							ace_num += fattr.cf_dacls->a_count;
 					}
 
 					pntsd = kmalloc(sizeof(struct smb_ntsd) +