
Commit 63649bd7 authored by Cyrill Gorcunov's avatar Cyrill Gorcunov Committed by Trond Myklebust

NFS - fix potential NULL pointer dereference v2



There is a possible NULL pointer dereference if kstr[n]dup fails.
Fix these cases for safety.

Signed-off-by: default avatarCyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent cd019f75
+16 −0
@@ -1297,6 +1297,8 @@ static int nfs_validate_mount_data(void *options,
		args->namlen		= data->namlen;
		args->namlen		= data->namlen;
		args->bsize		= data->bsize;
		args->bsize		= data->bsize;
		args->auth_flavors[0]	= data->pseudoflavor;
		args->auth_flavors[0]	= data->pseudoflavor;
		if (!args->nfs_server.hostname)
			goto out_nomem;


		/*
		/*
		 * The legacy version 6 binary mount data from userspace has a
		 * The legacy version 6 binary mount data from userspace has a
@@ -1343,6 +1345,8 @@ static int nfs_validate_mount_data(void *options,
		len = c - dev_name;
		len = c - dev_name;
		/* N.B. caller will free nfs_server.hostname in all cases */
		/* N.B. caller will free nfs_server.hostname in all cases */
		args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
		args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
		if (!args->nfs_server.hostname)
			goto out_nomem;


		c++;
		c++;
		if (strlen(c) > NFS_MAXPATHLEN)
		if (strlen(c) > NFS_MAXPATHLEN)
@@ -1386,6 +1390,10 @@ static int nfs_validate_mount_data(void *options,
	return -EPROTONOSUPPORT;
	return -EPROTONOSUPPORT;
#endif /* !CONFIG_NFS_V3 */
#endif /* !CONFIG_NFS_V3 */


out_nomem:
	dfprintk(MOUNT, "NFS: not enough memory to handle mount options\n");
	return -ENOMEM;

out_no_address:
out_no_address:
	dfprintk(MOUNT, "NFS: mount program didn't pass remote address\n");
	dfprintk(MOUNT, "NFS: mount program didn't pass remote address\n");
	return -EINVAL;
	return -EINVAL;
@@ -1892,12 +1900,16 @@ static int nfs4_validate_mount_data(void *options,
			return -ENAMETOOLONG;
			return -ENAMETOOLONG;
		/* N.B. caller will free nfs_server.hostname in all cases */
		/* N.B. caller will free nfs_server.hostname in all cases */
		args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
		args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
		if (!args->nfs_server.hostname)
			goto out_nomem;


		c++;			/* step over the ':' */
		c++;			/* step over the ':' */
		len = strlen(c);
		len = strlen(c);
		if (len > NFS4_MAXPATHLEN)
		if (len > NFS4_MAXPATHLEN)
			return -ENAMETOOLONG;
			return -ENAMETOOLONG;
		args->nfs_server.export_path = kstrndup(c, len, GFP_KERNEL);
		args->nfs_server.export_path = kstrndup(c, len, GFP_KERNEL);
		if (!args->nfs_server.export_path)
			goto out_nomem;


		dprintk("NFS: MNTPATH: '%s'\n", args->nfs_server.export_path);
		dprintk("NFS: MNTPATH: '%s'\n", args->nfs_server.export_path);


@@ -1919,6 +1931,10 @@ static int nfs4_validate_mount_data(void *options,
		 data->auth_flavourlen);
		 data->auth_flavourlen);
	return -EINVAL;
	return -EINVAL;


out_nomem:
	dfprintk(MOUNT, "NFS4: not enough memory to handle mount options\n");
	return -ENOMEM;

out_no_address:
out_no_address:
	dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n");
	dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n");
	return -EINVAL;
	return -EINVAL;
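Review bot: The new `out_nomem` exit in nfs4_validate_mount_data returns -ENOMEM without releasing anything, so when the `export_path` kstrndup fails the `nfs_server.hostname` allocated just above it is still live on return. That is only leak-free because of the contract in the existing `/* N.B. caller will free nfs_server.hostname in all cases */` comment, which sits some distance from the label. I would add a comment at the label, for example `/* hostname, if already allocated, is freed by the caller */`, so the missing cleanup reads as intentional. The same applies to the `out_nomem` label added to nfs_validate_mount_data. Both functions begin and end outside the visible hunks, so the caller-side free is taken from that comment and is not verified here.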