[packages/kernel] - fix possible null dereference in posix acl in various fs

lkrotowski lkrotowski at pld-linux.org
Wed May 14 13:01:00 CEST 2014


commit 8c7ec0f236765cbdb6414f4b5384a0fc09bbfb08
Author: Łukasz Krotowski <lkrotowski at pld-linux.org>
Date:   Wed May 14 12:56:48 2014 +0200

    - fix possible null dereference in posix acl in various fs

 kernel-small_fixes.patch | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
---
diff --git a/kernel-small_fixes.patch b/kernel-small_fixes.patch
index ab5a074..556d581 100644
--- a/kernel-small_fixes.patch
+++ b/kernel-small_fixes.patch
@@ -219,3 +219,44 @@ index 4e565c8..732648b 100644
 -- 
 cgit v0.10.1
 
+From 50c6e282bdf5e8dabf8d7cf7b162545a55645fd9 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig <hch at lst.de>
+Date: Sun, 4 May 2014 13:03:32 +0200
+Subject: posix_acl: handle NULL ACL in posix_acl_equiv_mode
+
+Various filesystems don't bother checking for a NULL ACL in
+posix_acl_equiv_mode, and thus can dereference a NULL pointer when it
+gets passed one. This usually happens from the NFS server, as the ACL tools
+never pass a NULL ACL, but instead of one representing the mode bits.
+
+Instead of adding boilerplat to all filesystems put this check into one place,
+which will allow us to remove the check from other filesystems as well later
+on.
+
+Signed-off-by: Christoph Hellwig <hch at lst.de>
+Reported-by: Ben Greear <greearb at candelatech.com>
+Reported-by: Marco Munderloh <munderl at tnt.uni-hannover.de>,
+Cc: Chuck Lever <chuck.lever at oracle.com>
+Cc: stable at vger.kernel.org
+Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
+
+diff --git a/fs/posix_acl.c b/fs/posix_acl.c
+index 9e363e4..0855f77 100644
+--- a/fs/posix_acl.c
++++ b/fs/posix_acl.c
+@@ -246,6 +246,12 @@ posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p)
+ 	umode_t mode = 0;
+ 	int not_equiv = 0;
+ 
++	/*
++	 * A null ACL can always be presented as mode bits.
++	 */
++	if (!acl)
++		return 0;
++
+ 	FOREACH_ACL_ENTRY(pa, acl, pe) {
+ 		switch (pa->e_tag) {
+ 			case ACL_USER_OBJ:
+-- 
+cgit v0.10.1
+
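Review bot: In the embedded fs/posix_acl.c hunk, the new `if (!acl) return 0;` sits ahead of the FOREACH_ACL_ENTRY loop and returns before anything is stored through `mode_p`, so on the NULL path the caller's `*mode_p` keeps whatever value it had on entry. The added comment only says that a NULL ACL can be presented as mode bits. Suggest extending it to say that `*mode_p` is deliberately left unmodified in that case, so a caller that reads it after a 0 return knows it must have initialised the value itself. On the packaging side, the embedded patch is marked "Cc: stable", so the commit message for kernel-small_fixes.patch could note that this entry is a backport to drop once the packaged base kernel already contains it.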
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/8c7ec0f236765cbdb6414f4b5384a0fc09bbfb08


