tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

autofs4: Do not potentially dereference NULL pointer returned by fget() in autofs_dev_ioctl_setpipefd()

In fs/autofs4/dev-ioctl.c::autofs_dev_ioctl_setpipefd() we call fget(),
which may return NULL, but we do not explicitly test for that NULL return
so we may end up dereferencing a NULL pointer - bad.

When I originally submitted this patch I had chosen EBUSY as the return
value to use if this happens. Ian Kent was kind enough to explain why that
would most likely be wrong and why EBADF should most likely be used
instead. This version of the patch uses EBADF.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

authored by

Jesper Juhl and committed by
Al Viro 3dc8fe4d e7854723

+4
unified split
+4
fs/autofs4/dev-ioctl.c
··· 372 return -EBUSY; 373 } else { 374 struct file *pipe = fget(pipefd); 375 if (!pipe->f_op || !pipe->f_op->write) { 376 err = -EPIPE; 377 fput(pipe);
··· 372 return -EBUSY; 373 } else { 374 struct file *pipe = fget(pipefd); 375 + if (!pipe) { 376 + err = -EBADF; 377 + goto out; 378 + } 379 if (!pipe->f_op || !pipe->f_op->write) { 380 err = -EPIPE; 381 fput(pipe);