[PATCH] cifs: fix missing null session check in mount

From: Steve French <smfrench@gmail.com>
To: CIFS <linux-cifs@vger.kernel.org>
Cc: Paulo Alcantara <pc@cjr.nz>
Subject: [PATCH] cifs: fix missing null session check in mount
Date: Tue, 13 Jul 2021 19:48:34 -0500	[thread overview]
Message-ID: <CAH2r5mtHpjjVVKFYKEkAZHG5U=-_umHwMhF2KDJjDSNgoa=Fxw@mail.gmail.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1048 bytes --]

Although it is unlikely to be have ended up with a null
session pointer calling cifs_try_adding_channels in cifs_mount.
Coverity correctly notes that we are already checking for
it earlier (when we return from do_dfs_failover), so at
a minimum to clarify the code we should make sure we also
check for it when we exit the loop so we don't end up calling
cifs_try_adding_channels or mount_setup_tlink with a null
ses pointer.

Addresses-Coverity: 1505608 ("Derefernce after null check")
Reviewed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/connect.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index db6c607269f5..463cae116c12 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3577,7 +3577,7 @@ int cifs_mount(struct cifs_sb_info *cifs_sb,
struct smb3_fs_context *ctx)
  rc = -ELOOP;
  } while (rc == -EREMOTE);

- if (rc || !tcon)
+ if (rc || !tcon || !ses)
  goto error;

  kfree(ref_path);

-- 
Thanks,

Steve

[-- Attachment #2: 0001-cifs-fix-missing-null-session-check-in-mount.patch --]
[-- Type: text/x-patch, Size: 1258 bytes --]

From 8b755ad38c72d2dc39fd6e9110d03aa132498571 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Tue, 13 Jul 2021 19:40:33 -0500
Subject: [PATCH] cifs: fix missing null session check in mount

Although it is unlikely to be have ended up with a null
session pointer calling cifs_try_adding_channels in cifs_mount.
Coverity correctly notes that we are already checking for
it earlier (when we return from do_dfs_failover), so at
a minimum to clarify the code we should make sure we also
check for it when we exit the loop so we don't end up calling
cifs_try_adding_channels or mount_setup_tlink with a null
ses pointer.

Addresses-Coverity: 1505608 ("Derefernce after null check")
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/connect.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index db6c607269f5..463cae116c12 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3577,7 +3577,7 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
 			rc = -ELOOP;
 	} while (rc == -EREMOTE);
 
-	if (rc || !tcon)
+	if (rc || !tcon || !ses)
 		goto error;
 
 	kfree(ref_path);
-- 
2.30.2

