|
 |
e427d2 |
From c976fd2e72678a171693d2b6333c2c499ef4d588 Mon Sep 17 00:00:00 2001
|
|
|
e427d2 |
From: Lukas Czerner <lczerner@redhat.com>
|
|
|
e427d2 |
Date: Fri, 6 Aug 2021 11:58:20 +0200
|
|
|
e427d2 |
Subject: [PATCH 44/46] libsupport: fix potental NULL pointer dereferences in
|
|
|
e427d2 |
quota functions
|
|
|
e427d2 |
Content-Type: text/plain
|
|
|
e427d2 |
|
|
|
e427d2 |
get_dq() function can fail when the memory allocation fails and so we
|
|
|
e427d2 |
could end up dereferencing NULL pointer. Fix it.
|
|
|
e427d2 |
|
|
|
e427d2 |
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
|
|
|
e427d2 |
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
e427d2 |
---
|
|
|
e427d2 |
lib/support/mkquota.c | 8 ++++++--
|
|
|
e427d2 |
lib/support/quotaio_tree.c | 2 +-
|
|
|
e427d2 |
2 files changed, 7 insertions(+), 3 deletions(-)
|
|
|
e427d2 |
|
|
|
e427d2 |
diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c
|
|
|
e427d2 |
index ef50c9ab..280b1046 100644
|
|
|
e427d2 |
--- a/lib/support/mkquota.c
|
|
|
e427d2 |
+++ b/lib/support/mkquota.c
|
|
|
e427d2 |
@@ -432,7 +432,8 @@ void quota_data_sub(quota_ctx_t qctx, struct ext2_inode_large *inode,
|
|
|
e427d2 |
dict = qctx->quota_dict[qtype];
|
|
|
e427d2 |
if (dict) {
|
|
|
e427d2 |
dq = get_dq(dict, get_qid(inode, qtype));
|
|
|
e427d2 |
- dq->dq_dqb.dqb_curspace -= space;
|
|
|
e427d2 |
+ if (dq)
|
|
|
e427d2 |
+ dq->dq_dqb.dqb_curspace -= space;
|
|
|
e427d2 |
}
|
|
|
e427d2 |
}
|
|
|
e427d2 |
}
|
|
|
e427d2 |
@@ -459,7 +460,8 @@ void quota_data_inodes(quota_ctx_t qctx, struct ext2_inode_large *inode,
|
|
|
e427d2 |
dict = qctx->quota_dict[qtype];
|
|
|
e427d2 |
if (dict) {
|
|
|
e427d2 |
dq = get_dq(dict, get_qid(inode, qtype));
|
|
|
e427d2 |
- dq->dq_dqb.dqb_curinodes += adjust;
|
|
|
e427d2 |
+ if (dq)
|
|
|
e427d2 |
+ dq->dq_dqb.dqb_curinodes += adjust;
|
|
|
e427d2 |
}
|
|
|
e427d2 |
}
|
|
|
e427d2 |
}
|
|
|
e427d2 |
@@ -532,6 +534,8 @@ static int scan_dquots_callback(struct dquot *dquot, void *cb_data)
|
|
|
e427d2 |
struct dquot *dq;
|
|
|
e427d2 |
|
|
|
e427d2 |
dq = get_dq(quota_dict, dquot->dq_id);
|
|
|
e427d2 |
+ if (!dq)
|
|
|
e427d2 |
+ return -1;
|
|
|
e427d2 |
dq->dq_id = dquot->dq_id;
|
|
|
e427d2 |
dq->dq_flags |= DQF_SEEN;
|
|
|
e427d2 |
|
|
|
e427d2 |
diff --git a/lib/support/quotaio_tree.c b/lib/support/quotaio_tree.c
|
|
|
e427d2 |
index 6cc4fb5b..5910e637 100644
|
|
|
e427d2 |
--- a/lib/support/quotaio_tree.c
|
|
|
e427d2 |
+++ b/lib/support/quotaio_tree.c
|
|
|
e427d2 |
@@ -601,7 +601,7 @@ static int report_tree(struct dquot *dquot, unsigned int blk, int depth,
|
|
|
e427d2 |
__le32 *ref = (__le32 *) buf;
|
|
|
e427d2 |
|
|
|
e427d2 |
if (!buf)
|
|
|
e427d2 |
- return 0;
|
|
|
e427d2 |
+ return -1;
|
|
|
e427d2 |
|
|
|
e427d2 |
read_blk(dquot->dq_h, blk, buf);
|
|
|
e427d2 |
if (depth == QT_TREEDEPTH - 1) {
|
|
|
e427d2 |
--
|
|
|
e427d2 |
2.35.1
|
|
|
e427d2 |
|