diff options
| author | Sage Weil <sage@newdream.net> | 2010-11-22 22:58:06 -0800 |
|---|---|---|
| committer | Sage Weil <sage@newdream.net> | 2010-12-01 14:15:31 -0800 |
| commit | 884ea892763d4dfba509743f65961c782c0442db (patch) | |
| tree | 92a7f5b67aa06cf32457ccb2b69c28c528a48c15 /fs/ceph | |
| parent | 3561d43fd289f590fdae672e5eb831b8d5cf0bf6 (diff) | |
| download | kernel_samsung_aries-884ea892763d4dfba509743f65961c782c0442db.zip kernel_samsung_aries-884ea892763d4dfba509743f65961c782c0442db.tar.gz kernel_samsung_aries-884ea892763d4dfba509743f65961c782c0442db.tar.bz2 | |
ceph: avoid possible null deref in readdir after dir llseek
last may be NULL, but we dereference it in the else branch without
checking. Normally it doesn't trigger because last == NULL when fpos == 2,
but it could happen on a newly opened dir if the user seeks forward.
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Sage Weil <sage@newdream.net>
Diffstat (limited to 'fs/ceph')
| -rw-r--r-- | fs/ceph/dir.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c index 7d447af..158c700 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -114,8 +114,8 @@ static int __dcache_readdir(struct file *filp, spin_lock(&dcache_lock); /* start at beginning? */ - if (filp->f_pos == 2 || (last && - filp->f_pos < ceph_dentry(last)->offset)) { + if (filp->f_pos == 2 || last == NULL || + filp->f_pos < ceph_dentry(last)->offset) { if (list_empty(&parent->d_subdirs)) goto out_unlock; p = parent->d_subdirs.prev; |