aboutsummaryrefslogtreecommitdiffstats
path: root/fs/autofs4
diff options
context:
space:
mode:
authorJesper Juhl <jj@chaosbits.net>2011-03-25 01:51:37 +0800
committerAl Viro <viro@zeniv.linux.org.uk>2011-03-24 14:54:35 -0400
commit3dc8fe4dca9cd3e4aa828ed36451e2bcfd2350da (patch)
tree9350ad63804b66df6f94781335d509aa5ae8f557 /fs/autofs4
parente7854723d0f3626f260c880d8db8e5136f29db19 (diff)
downloadkernel_samsung_smdk4412-3dc8fe4dca9cd3e4aa828ed36451e2bcfd2350da.zip
kernel_samsung_smdk4412-3dc8fe4dca9cd3e4aa828ed36451e2bcfd2350da.tar.gz
kernel_samsung_smdk4412-3dc8fe4dca9cd3e4aa828ed36451e2bcfd2350da.tar.bz2
autofs4: Do not potentially dereference NULL pointer returned by fget() in autofs_dev_ioctl_setpipefd()
In fs/autofs4/dev-ioctl.c::autofs_dev_ioctl_setpipefd() we call fget(), which may return NULL, but we do not explicitly test for that NULL return so we may end up dereferencing a NULL pointer - bad. When I originally submitted this patch I had chosen EBUSY as the return value to use if this happens. Ian Kent was kind enough to explain why that would most likely be wrong and why EBADF should most likely be used instead. This version of the patch uses EBADF. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Ian Kent <raven@themaw.net> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/autofs4')
-rw-r--r--fs/autofs4/dev-ioctl.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c
index 1442da4..509fe1e 100644
--- a/fs/autofs4/dev-ioctl.c
+++ b/fs/autofs4/dev-ioctl.c
@@ -372,6 +372,10 @@ static int autofs_dev_ioctl_setpipefd(struct file *fp,
return -EBUSY;
} else {
struct file *pipe = fget(pipefd);
+ if (!pipe) {
+ err = -EBADF;
+ goto out;
+ }
if (!pipe->f_op || !pipe->f_op->write) {
err = -EPIPE;
fput(pipe);