Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / b228b8e5bf96b740a70871c1a248bb65c267f5f2^! / .
commitb228b8e5bf96b740a70871c1a248bb65c267f5f2[log] [tgz]
authorMichael Halcrow <mhalcrow@us.ibm.com>Fri Mar 16 13:38:22 2007 -0800
committerLinus Torvalds <torvalds@woody.linux-foundation.org>Fri Mar 16 19:25:05 2007 -0700
tree0697a8341e4f8f3cafe770ba76e12bb900ac3880
parentad28d94abb1313bdf27e196676292c493f92f824 [diff]
[PATCH] eCryptfs: fix possible NULL ptr deref in ecryptfs_d_release()

ecryptfs_d_release() first dereferences a pointer (via
ecryptfs_dentry_to_lower()) and then afterwards checks to see if the
pointer it just dereferenced is NULL (via ecryptfs_dentry_to_private()).

This patch moves all of the work done on the dereferenced pointer inside a
block governed by the condition that the pointer is non-NULL.

Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/fs/ecryptfs/dentry.c b/fs/ecryptfs/dentry.c
index 329efcd..cb20b96 100644
--- a/fs/ecryptfs/dentry.c
+++ b/fs/ecryptfs/dentry.c

@@ -78,18 +78,13 @@
  */
 static void ecryptfs_d_release(struct dentry *dentry)
 {
-	struct dentry *lower_dentry;
-
-	lower_dentry = ecryptfs_dentry_to_lower(dentry);
-	if (ecryptfs_dentry_to_private(dentry))
+	if (ecryptfs_dentry_to_private(dentry)) {
+		if (ecryptfs_dentry_to_lower(dentry)) {
+			mntput(ecryptfs_dentry_to_lower_mnt(dentry));
+			dput(ecryptfs_dentry_to_lower(dentry));
+		}
 		kmem_cache_free(ecryptfs_dentry_info_cache,
 				ecryptfs_dentry_to_private(dentry));
-	if (lower_dentry) {
-		struct vfsmount *lower_mnt =
-			ecryptfs_dentry_to_lower_mnt(dentry);
-
-		mntput(lower_mnt);
-		dput(lower_dentry);
 	}
 	return;
 }