diff options
| author | Makar Semyonov <m.semenov@tssltd.ru> | 2025-09-04 15:28:41 +0300 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2025-09-04 11:43:31 -0500 |
| commit | 70bccd9855dae56942f2b18a08ba137bb54093a0 (patch) | |
| tree | b3a165f697f4ddcf9bda392999aef504753c51ec | |
| parent | 91be128b496c0de60a7dceb70d34935a29d38bbd (diff) | |
cifs: prevent NULL pointer dereference in UTF16 conversion
There can be a NULL pointer dereference bug here. NULL is passed to
__cifs_sfu_make_node without checks, which passes it unchecked to
cifs_strndup_to_utf16, which in turn passes it to
cifs_local_to_utf16_bytes where '*from' is dereferenced, causing a crash.
This patch adds a check for NULL 'src' in cifs_strndup_to_utf16 and
returns NULL early to prevent dereferencing NULL pointer.
Found by Linux Verification Center (linuxtesting.org) with SVACE
Signed-off-by: Makar Semyonov <m.semenov@tssltd.ru>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
| -rw-r--r-- | fs/smb/client/cifs_unicode.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/smb/client/cifs_unicode.c b/fs/smb/client/cifs_unicode.c index 4cc6e0896fad..f8659d36793f 100644 --- a/fs/smb/client/cifs_unicode.c +++ b/fs/smb/client/cifs_unicode.c @@ -629,6 +629,9 @@ cifs_strndup_to_utf16(const char *src, const int maxlen, int *utf16_len, int len; __le16 *dst; + if (!src) + return NULL; + len = cifs_local_to_utf16_bytes(src, maxlen, cp); len += 2; /* NULL */ dst = kmalloc(len, GFP_KERNEL); |