fs: nfs: Fix possible null-pointer dereferences in encode_attrs()

[ Upstream commit e2751463eaa6f9fec8fea80abbdc62dbc487b3c5 ] In encode_attrs(), there is an if statement on line 1145 to check whether label is NULL: if (label && (attrmask[2] & FATTR4_WORD2_SECURITY_LABEL)) When label is NULL, it is used on lines 1178-1181: *p++ = cpu_to_be32(label->lfs); *p++ = cpu_to_be32(label->pi); *p++ = cpu_to_be32(label->len); p = xdr_encode_opaque_fixed(p, label->label, label->len); To fix these bugs, label is checked before being used. These bugs are found by a static analysis tool STCheck written by us. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Jia-Ju Bai <baijiaju1990@gmail.com> 2019-07-26 15:48:53 +0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-10-11 18:36:27 +0200
commit: 902003c34a9dc1aa9a3177224879ef402426c5a3 (patch)
tree: 7ea3201ba514f2be1ddd6a6cc6074dfe041b6987 /fs/nfs/nfs4xdr.c
parent: 688965a58cb3ebf0d003ff9de5e1f03168b2b0ef (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index 46a8d636d151..ab07db0f07cd 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -1174,7 +1174,7 @@ static void encode_attrs(struct xdr_stream *xdr, const struct iattr *iap,
 		} else
 			*p++ = cpu_to_be32(NFS4_SET_TO_SERVER_TIME);
 	}
-	if (bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
+	if (label && (bmval[2] & FATTR4_WORD2_SECURITY_LABEL)) {
 		*p++ = cpu_to_be32(label->lfs);
 		*p++ = cpu_to_be32(label->pi);
 		*p++ = cpu_to_be32(label->len);
author	Jia-Ju Bai <baijiaju1990@gmail.com>	2019-07-26 15:48:53 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-10-11 18:36:27 +0200
commit	902003c34a9dc1aa9a3177224879ef402426c5a3 (patch)
tree	7ea3201ba514f2be1ddd6a6cc6074dfe041b6987 /fs/nfs/nfs4xdr.c
parent	688965a58cb3ebf0d003ff9de5e1f03168b2b0ef (diff)