* re: cifs: Retain old ACEs when converting between mode bits and ACL.
@ 2021-02-24 12:43 Colin Ian King
2021-02-24 14:39 ` [EXTERNAL] " Shyam Prasad
0 siblings, 1 reply; 4+ messages in thread
From: Colin Ian King @ 2021-02-24 12:43 UTC (permalink / raw)
To: Shyam Prasad N; +Cc: Steve French, linux-cifs, samba-technical, linux-kernel
Hi,
Static analysis on linux-next with Coverity had detected a potential
null pointer dereference with the following commit:
commit f5065508897a922327f32223082325d10b069ebc
Author: Shyam Prasad N <sprasad@microsoft.com>
Date: Fri Feb 12 04:38:43 2021 -0800
cifs: Retain old ACEs when converting between mode bits and ACL.
The analysis is as follows:
1258 /* Convert permission bits from mode to equivalent CIFS ACL */
1259 static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd
*pnntsd,
1260 __u32 secdesclen, __u32 *pnsecdesclen, __u64 *pnmode, kuid_t
uid, kgid_t gid,
1261 bool mode_from_sid, bool id_from_sid, int *aclflag)
1262 {
1263 int rc = 0;
1264 __u32 dacloffset;
1265 __u32 ndacloffset;
1266 __u32 sidsoffset;
1267 struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
1268 struct cifs_sid *nowner_sid_ptr = NULL, *ngroup_sid_ptr = NULL;
1. assign_zero: Assigning: dacl_ptr = NULL.
1269 struct cifs_acl *dacl_ptr = NULL; /* no need for SACL ptr */
1270 struct cifs_acl *ndacl_ptr = NULL; /* no need for SACL ptr */
1271 char *end_of_acl = ((char *)pntsd) + secdesclen;
1272 u16 size = 0;
1273
1274 dacloffset = le32_to_cpu(pntsd->dacloffset);
2. Condition dacloffset, taking false branch.
1275 if (dacloffset) {
1276 dacl_ptr = (struct cifs_acl *)((char *)pntsd +
dacloffset);
1277 if (end_of_acl < (char *)dacl_ptr +
le16_to_cpu(dacl_ptr->size)) {
1278 cifs_dbg(VFS, "Existing ACL size is wrong.
Discarding old ACL\n");
1279 dacl_ptr = NULL;
NOTE: dacl_ptr is set to NULL and dacloffset is true
1280 }
1281 }
1282
1283 owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
1284 le32_to_cpu(pntsd->osidoffset));
1285 group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
1286 le32_to_cpu(pntsd->gsidoffset));
1287
3. Condition pnmode, taking true branch.
4. Condition *pnmode != 18446744073709551615ULL, taking false
branch.
1288 if (pnmode && *pnmode != NO_CHANGE_64) { /* chmod */
1289 ndacloffset = sizeof(struct cifs_ntsd);
1290 ndacl_ptr = (struct cifs_acl *)((char *)pnntsd +
ndacloffset);
1291 ndacl_ptr->revision =
1292 dacloffset ? dacl_ptr->revision :
cpu_to_le16(ACL_REVISION);
1293
1294 ndacl_ptr->size = cpu_to_le16(0);
1295 ndacl_ptr->num_aces = cpu_to_le32(0);
1296
1297 rc = set_chmod_dacl(dacl_ptr, ndacl_ptr,
owner_sid_ptr, group_sid_ptr,
1298 pnmode, mode_from_sid);
1299
1300 sidsoffset = ndacloffset + le16_to_cpu(ndacl_ptr->size);
1301 /* copy the non-dacl portion of secdesc */
1302 *pnsecdesclen = copy_sec_desc(pntsd, pnntsd, sidsoffset,
1303 NULL, NULL);
1304
1305 *aclflag |= CIFS_ACL_DACL;
1306 } else {
1307 ndacloffset = sizeof(struct cifs_ntsd);
1308 ndacl_ptr = (struct cifs_acl *)((char *)pnntsd +
ndacloffset);
5. Condition dacloffset, taking false branch.
1309 ndacl_ptr->revision =
1310 dacloffset ? dacl_ptr->revision :
cpu_to_le16(ACL_REVISION);
Explicit null dereferenced (FORWARD_NULL)
6. var_deref_op: Dereferencing null pointer dacl_ptr.
1311 ndacl_ptr->num_aces = dacl_ptr->num_aces;
Line 1309..1311, when dacloffset and dacl_ptr is null we hit a null ptr
dereference on dacl_ptr.
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [EXTERNAL] re: cifs: Retain old ACEs when converting between mode bits and ACL.
2021-02-24 12:43 cifs: Retain old ACEs when converting between mode bits and ACL Colin Ian King
@ 2021-02-24 14:39 ` Shyam Prasad
2021-02-24 16:56 ` Shyam Prasad N
0 siblings, 1 reply; 4+ messages in thread
From: Shyam Prasad @ 2021-02-24 14:39 UTC (permalink / raw)
To: Colin Ian King; +Cc: Steve French, linux-cifs, samba-technical, linux-kernel
Hi Colin,
Thanks for reporting this. I'll submit a fix.
Regards,
Shyam
-----Original Message-----
From: Colin Ian King <colin.king@canonical.com>
Sent: Wednesday, February 24, 2021 6:14 PM
To: Shyam Prasad <Shyam.Prasad@microsoft.com>
Cc: Steve French <sfrench@samba.org>; linux-cifs@vger.kernel.org; samba-technical@lists.samba.org; linux-kernel@vger.kernel.org
Subject: [EXTERNAL] re: cifs: Retain old ACEs when converting between mode bits and ACL.
Hi,
Static analysis on linux-next with Coverity had detected a potential null pointer dereference with the following commit:
commit f5065508897a922327f32223082325d10b069ebc
Author: Shyam Prasad N <sprasad@microsoft.com>
Date: Fri Feb 12 04:38:43 2021 -0800
cifs: Retain old ACEs when converting between mode bits and ACL.
The analysis is as follows:
1258 /* Convert permission bits from mode to equivalent CIFS ACL */
1259 static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
1260 __u32 secdesclen, __u32 *pnsecdesclen, __u64 *pnmode, kuid_t
uid, kgid_t gid,
1261 bool mode_from_sid, bool id_from_sid, int *aclflag)
1262 {
1263 int rc = 0;
1264 __u32 dacloffset;
1265 __u32 ndacloffset;
1266 __u32 sidsoffset;
1267 struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
1268 struct cifs_sid *nowner_sid_ptr = NULL, *ngroup_sid_ptr = NULL;
1. assign_zero: Assigning: dacl_ptr = NULL.
1269 struct cifs_acl *dacl_ptr = NULL; /* no need for SACL ptr */
1270 struct cifs_acl *ndacl_ptr = NULL; /* no need for SACL ptr */
1271 char *end_of_acl = ((char *)pntsd) + secdesclen;
1272 u16 size = 0;
1273
1274 dacloffset = le32_to_cpu(pntsd->dacloffset);
2. Condition dacloffset, taking false branch.
1275 if (dacloffset) {
1276 dacl_ptr = (struct cifs_acl *)((char *)pntsd +
dacloffset);
1277 if (end_of_acl < (char *)dacl_ptr +
le16_to_cpu(dacl_ptr->size)) {
1278 cifs_dbg(VFS, "Existing ACL size is wrong.
Discarding old ACL\n");
1279 dacl_ptr = NULL;
NOTE: dacl_ptr is set to NULL and dacloffset is true
1280 }
1281 }
1282
1283 owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
1284 le32_to_cpu(pntsd->osidoffset));
1285 group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
1286 le32_to_cpu(pntsd->gsidoffset));
1287
3. Condition pnmode, taking true branch.
4. Condition *pnmode != 18446744073709551615ULL, taking false branch.
1288 if (pnmode && *pnmode != NO_CHANGE_64) { /* chmod */
1289 ndacloffset = sizeof(struct cifs_ntsd);
1290 ndacl_ptr = (struct cifs_acl *)((char *)pnntsd +
ndacloffset);
1291 ndacl_ptr->revision =
1292 dacloffset ? dacl_ptr->revision :
cpu_to_le16(ACL_REVISION);
1293
1294 ndacl_ptr->size = cpu_to_le16(0);
1295 ndacl_ptr->num_aces = cpu_to_le32(0);
1296
1297 rc = set_chmod_dacl(dacl_ptr, ndacl_ptr,
owner_sid_ptr, group_sid_ptr,
1298 pnmode, mode_from_sid);
1299
1300 sidsoffset = ndacloffset + le16_to_cpu(ndacl_ptr->size);
1301 /* copy the non-dacl portion of secdesc */
1302 *pnsecdesclen = copy_sec_desc(pntsd, pnntsd, sidsoffset,
1303 NULL, NULL);
1304
1305 *aclflag |= CIFS_ACL_DACL;
1306 } else {
1307 ndacloffset = sizeof(struct cifs_ntsd);
1308 ndacl_ptr = (struct cifs_acl *)((char *)pnntsd +
ndacloffset);
5. Condition dacloffset, taking false branch.
1309 ndacl_ptr->revision =
1310 dacloffset ? dacl_ptr->revision :
cpu_to_le16(ACL_REVISION);
Explicit null dereferenced (FORWARD_NULL)
6. var_deref_op: Dereferencing null pointer dacl_ptr.
1311 ndacl_ptr->num_aces = dacl_ptr->num_aces;
Line 1309..1311, when dacloffset and dacl_ptr is null we hit a null ptr dereference on dacl_ptr.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [EXTERNAL] re: cifs: Retain old ACEs when converting between mode bits and ACL.
2021-02-24 14:39 ` [EXTERNAL] " Shyam Prasad
@ 2021-02-24 16:56 ` Shyam Prasad N
2021-02-24 18:21 ` Steve French
0 siblings, 1 reply; 4+ messages in thread
From: Shyam Prasad N @ 2021-02-24 16:56 UTC (permalink / raw)
To: Shyam Prasad, rohiths msft
Cc: Colin Ian King, Steve French, linux-cifs, samba-technical, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 4779 bytes --]
Hi Steve,
Please accept this fix for the bug that Colin pointed out.
This can be hit if the server has a corrupted SD, or it got corrupted
over the network.
We used to ignore the ACL in such a case (which in combination with my
patches caused the issue). But I think we should be returning an error
immediately.
Regards,
Shyam
On Wed, Feb 24, 2021 at 7:16 AM Shyam Prasad <Shyam.Prasad@microsoft.com> wrote:
>
> Hi Colin,
>
> Thanks for reporting this. I'll submit a fix.
>
> Regards,
> Shyam
>
> -----Original Message-----
> From: Colin Ian King <colin.king@canonical.com>
> Sent: Wednesday, February 24, 2021 6:14 PM
> To: Shyam Prasad <Shyam.Prasad@microsoft.com>
> Cc: Steve French <sfrench@samba.org>; linux-cifs@vger.kernel.org; samba-technical@lists.samba.org; linux-kernel@vger.kernel.org
> Subject: [EXTERNAL] re: cifs: Retain old ACEs when converting between mode bits and ACL.
>
> Hi,
>
> Static analysis on linux-next with Coverity had detected a potential null pointer dereference with the following commit:
>
> commit f5065508897a922327f32223082325d10b069ebc
> Author: Shyam Prasad N <sprasad@microsoft.com>
> Date: Fri Feb 12 04:38:43 2021 -0800
>
> cifs: Retain old ACEs when converting between mode bits and ACL.
>
> The analysis is as follows:
>
> 1258 /* Convert permission bits from mode to equivalent CIFS ACL */
> 1259 static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
> 1260 __u32 secdesclen, __u32 *pnsecdesclen, __u64 *pnmode, kuid_t
> uid, kgid_t gid,
> 1261 bool mode_from_sid, bool id_from_sid, int *aclflag)
> 1262 {
> 1263 int rc = 0;
> 1264 __u32 dacloffset;
> 1265 __u32 ndacloffset;
> 1266 __u32 sidsoffset;
> 1267 struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
> 1268 struct cifs_sid *nowner_sid_ptr = NULL, *ngroup_sid_ptr = NULL;
>
> 1. assign_zero: Assigning: dacl_ptr = NULL.
>
> 1269 struct cifs_acl *dacl_ptr = NULL; /* no need for SACL ptr */
> 1270 struct cifs_acl *ndacl_ptr = NULL; /* no need for SACL ptr */
> 1271 char *end_of_acl = ((char *)pntsd) + secdesclen;
> 1272 u16 size = 0;
> 1273
> 1274 dacloffset = le32_to_cpu(pntsd->dacloffset);
>
> 2. Condition dacloffset, taking false branch.
>
> 1275 if (dacloffset) {
> 1276 dacl_ptr = (struct cifs_acl *)((char *)pntsd +
> dacloffset);
> 1277 if (end_of_acl < (char *)dacl_ptr +
> le16_to_cpu(dacl_ptr->size)) {
> 1278 cifs_dbg(VFS, "Existing ACL size is wrong.
> Discarding old ACL\n");
> 1279 dacl_ptr = NULL;
>
> NOTE: dacl_ptr is set to NULL and dacloffset is true
>
> 1280 }
> 1281 }
> 1282
> 1283 owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
> 1284 le32_to_cpu(pntsd->osidoffset));
> 1285 group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
> 1286 le32_to_cpu(pntsd->gsidoffset));
> 1287
>
> 3. Condition pnmode, taking true branch.
> 4. Condition *pnmode != 18446744073709551615ULL, taking false branch.
>
> 1288 if (pnmode && *pnmode != NO_CHANGE_64) { /* chmod */
> 1289 ndacloffset = sizeof(struct cifs_ntsd);
> 1290 ndacl_ptr = (struct cifs_acl *)((char *)pnntsd +
> ndacloffset);
> 1291 ndacl_ptr->revision =
> 1292 dacloffset ? dacl_ptr->revision :
> cpu_to_le16(ACL_REVISION);
> 1293
> 1294 ndacl_ptr->size = cpu_to_le16(0);
> 1295 ndacl_ptr->num_aces = cpu_to_le32(0);
> 1296
> 1297 rc = set_chmod_dacl(dacl_ptr, ndacl_ptr,
> owner_sid_ptr, group_sid_ptr,
> 1298 pnmode, mode_from_sid);
> 1299
> 1300 sidsoffset = ndacloffset + le16_to_cpu(ndacl_ptr->size);
> 1301 /* copy the non-dacl portion of secdesc */
> 1302 *pnsecdesclen = copy_sec_desc(pntsd, pnntsd, sidsoffset,
> 1303 NULL, NULL);
> 1304
> 1305 *aclflag |= CIFS_ACL_DACL;
> 1306 } else {
> 1307 ndacloffset = sizeof(struct cifs_ntsd);
> 1308 ndacl_ptr = (struct cifs_acl *)((char *)pnntsd +
> ndacloffset);
>
> 5. Condition dacloffset, taking false branch.
>
> 1309 ndacl_ptr->revision =
> 1310 dacloffset ? dacl_ptr->revision :
> cpu_to_le16(ACL_REVISION);
>
> Explicit null dereferenced (FORWARD_NULL)
>
> 6. var_deref_op: Dereferencing null pointer dacl_ptr.
>
> 1311 ndacl_ptr->num_aces = dacl_ptr->num_aces;
>
>
> Line 1309..1311, when dacloffset and dacl_ptr is null we hit a null ptr dereference on dacl_ptr.
>
--
Regards,
Shyam
[-- Attachment #2: 0001-cifs-If-a-corrupted-DACL-is-returned-by-the-server-b.patch --]
[-- Type: application/octet-stream, Size: 1340 bytes --]
From b9f89a12d845e3b8fb80179e0c225d5e7ec633b5 Mon Sep 17 00:00:00 2001
From: Shyam Prasad N <sprasad@microsoft.com>
Date: Wed, 24 Feb 2021 15:04:02 +0000
Subject: [PATCH] cifs: If a corrupted DACL is returned by the server, bail
out.
Static code analysis reported a possible null pointer dereference
in my last commit:
cifs: Retain old ACEs when converting between mode bits and ACL.
This could happen if the DACL returned by the server is corrupted.
We were trying to continue by assuming that the file has empty DACL.
We should bail out with an error instead.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reported-by: Colin Ian King <colin.king@canonical.com>
---
fs/cifs/cifsacl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index 0806ae784061..9d29eb9660c2 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -1275,8 +1275,8 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
if (dacloffset) {
dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);
if (end_of_acl < (char *)dacl_ptr + le16_to_cpu(dacl_ptr->size)) {
- cifs_dbg(VFS, "Existing ACL size is wrong. Discarding old ACL\n");
- dacl_ptr = NULL;
+ cifs_dbg(VFS, "Server returned illegal ACL size\n");
+ return -EINVAL;
}
}
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [EXTERNAL] re: cifs: Retain old ACEs when converting between mode bits and ACL.
2021-02-24 16:56 ` Shyam Prasad N
@ 2021-02-24 18:21 ` Steve French
0 siblings, 0 replies; 4+ messages in thread
From: Steve French @ 2021-02-24 18:21 UTC (permalink / raw)
To: Shyam Prasad N
Cc: Shyam Prasad, rohiths msft, Steve French, Colin Ian King,
samba-technical, linux-kernel, linux-cifs
Add the RB from Rohith and merged into cifs-2.6.git for-next
On Wed, Feb 24, 2021 at 10:58 AM Shyam Prasad N via samba-technical
<samba-technical@lists.samba.org> wrote:
>
> Hi Steve,
>
> Please accept this fix for the bug that Colin pointed out.
> This can be hit if the server has a corrupted SD, or it got corrupted
> over the network.
> We used to ignore the ACL in such a case (which in combination with my
> patches caused the issue). But I think we should be returning an error
> immediately.
>
> Regards,
> Shyam
>
> On Wed, Feb 24, 2021 at 7:16 AM Shyam Prasad <Shyam.Prasad@microsoft.com> wrote:
> >
> > Hi Colin,
> >
> > Thanks for reporting this. I'll submit a fix.
> >
> > Regards,
> > Shyam
> >
> > -----Original Message-----
> > From: Colin Ian King <colin.king@canonical.com>
> > Sent: Wednesday, February 24, 2021 6:14 PM
> > To: Shyam Prasad <Shyam.Prasad@microsoft.com>
> > Cc: Steve French <sfrench@samba.org>; linux-cifs@vger.kernel.org; samba-technical@lists.samba.org; linux-kernel@vger.kernel.org
> > Subject: [EXTERNAL] re: cifs: Retain old ACEs when converting between mode bits and ACL.
> >
> > Hi,
> >
> > Static analysis on linux-next with Coverity had detected a potential null pointer dereference with the following commit:
> >
> > commit f5065508897a922327f32223082325d10b069ebc
> > Author: Shyam Prasad N <sprasad@microsoft.com>
> > Date: Fri Feb 12 04:38:43 2021 -0800
> >
> > cifs: Retain old ACEs when converting between mode bits and ACL.
> >
> > The analysis is as follows:
> >
> > 1258 /* Convert permission bits from mode to equivalent CIFS ACL */
> > 1259 static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
> > 1260 __u32 secdesclen, __u32 *pnsecdesclen, __u64 *pnmode, kuid_t
> > uid, kgid_t gid,
> > 1261 bool mode_from_sid, bool id_from_sid, int *aclflag)
> > 1262 {
> > 1263 int rc = 0;
> > 1264 __u32 dacloffset;
> > 1265 __u32 ndacloffset;
> > 1266 __u32 sidsoffset;
> > 1267 struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
> > 1268 struct cifs_sid *nowner_sid_ptr = NULL, *ngroup_sid_ptr = NULL;
> >
> > 1. assign_zero: Assigning: dacl_ptr = NULL.
> >
> > 1269 struct cifs_acl *dacl_ptr = NULL; /* no need for SACL ptr */
> > 1270 struct cifs_acl *ndacl_ptr = NULL; /* no need for SACL ptr */
> > 1271 char *end_of_acl = ((char *)pntsd) + secdesclen;
> > 1272 u16 size = 0;
> > 1273
> > 1274 dacloffset = le32_to_cpu(pntsd->dacloffset);
> >
> > 2. Condition dacloffset, taking false branch.
> >
> > 1275 if (dacloffset) {
> > 1276 dacl_ptr = (struct cifs_acl *)((char *)pntsd +
> > dacloffset);
> > 1277 if (end_of_acl < (char *)dacl_ptr +
> > le16_to_cpu(dacl_ptr->size)) {
> > 1278 cifs_dbg(VFS, "Existing ACL size is wrong.
> > Discarding old ACL\n");
> > 1279 dacl_ptr = NULL;
> >
> > NOTE: dacl_ptr is set to NULL and dacloffset is true
> >
> > 1280 }
> > 1281 }
> > 1282
> > 1283 owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
> > 1284 le32_to_cpu(pntsd->osidoffset));
> > 1285 group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
> > 1286 le32_to_cpu(pntsd->gsidoffset));
> > 1287
> >
> > 3. Condition pnmode, taking true branch.
> > 4. Condition *pnmode != 18446744073709551615ULL, taking false branch.
> >
> > 1288 if (pnmode && *pnmode != NO_CHANGE_64) { /* chmod */
> > 1289 ndacloffset = sizeof(struct cifs_ntsd);
> > 1290 ndacl_ptr = (struct cifs_acl *)((char *)pnntsd +
> > ndacloffset);
> > 1291 ndacl_ptr->revision =
> > 1292 dacloffset ? dacl_ptr->revision :
> > cpu_to_le16(ACL_REVISION);
> > 1293
> > 1294 ndacl_ptr->size = cpu_to_le16(0);
> > 1295 ndacl_ptr->num_aces = cpu_to_le32(0);
> > 1296
> > 1297 rc = set_chmod_dacl(dacl_ptr, ndacl_ptr,
> > owner_sid_ptr, group_sid_ptr,
> > 1298 pnmode, mode_from_sid);
> > 1299
> > 1300 sidsoffset = ndacloffset + le16_to_cpu(ndacl_ptr->size);
> > 1301 /* copy the non-dacl portion of secdesc */
> > 1302 *pnsecdesclen = copy_sec_desc(pntsd, pnntsd, sidsoffset,
> > 1303 NULL, NULL);
> > 1304
> > 1305 *aclflag |= CIFS_ACL_DACL;
> > 1306 } else {
> > 1307 ndacloffset = sizeof(struct cifs_ntsd);
> > 1308 ndacl_ptr = (struct cifs_acl *)((char *)pnntsd +
> > ndacloffset);
> >
> > 5. Condition dacloffset, taking false branch.
> >
> > 1309 ndacl_ptr->revision =
> > 1310 dacloffset ? dacl_ptr->revision :
> > cpu_to_le16(ACL_REVISION);
> >
> > Explicit null dereferenced (FORWARD_NULL)
> >
> > 6. var_deref_op: Dereferencing null pointer dacl_ptr.
> >
> > 1311 ndacl_ptr->num_aces = dacl_ptr->num_aces;
> >
> >
> > Line 1309..1311, when dacloffset and dacl_ptr is null we hit a null ptr dereference on dacl_ptr.
> >
>
>
> --
> Regards,
> Shyam
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-02-24 18:22 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-24 12:43 cifs: Retain old ACEs when converting between mode bits and ACL Colin Ian King
2021-02-24 14:39 ` [EXTERNAL] " Shyam Prasad
2021-02-24 16:56 ` Shyam Prasad N
2021-02-24 18:21 ` Steve French
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).