User: | Jiri Slaby |
Error type: | Invalid Pointer Dereference |
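Error type description: | An invalid pointer is dereferenced: in the listing below, the kmalloc() result stored in ppace (line 371) is not checked for NULL before ppace[i] is written at line 375. The allocation size depends on num_aces, which is read from the DACL header (line 365), so an allocation failure has to be handled before the loop. |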
File location: | fs/cifs/cifsacl.c |
Line in file: | 375 |
Project: | Linux Kernel |
Project version: | 2.6.28 |
Tools: | Stanse (1.2), Smatch (1.59) |
Entered: | 2011-11-07 22:22:22 UTC |
345 } 346 347 /* validate that we do not go past end of acl */ 348 if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { 349 cERROR(1, ("ACL too small to parse DACL")); 350 return; 351 } 352 353 cFYI(DBG2, ("DACL revision %d size %d num aces %d", 354 le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size), 355 le32_to_cpu(pdacl->num_aces))); 356 357 /* reset rwx permissions for user/group/other. 358 Also, if num_aces is 0 i.e. DACL has no ACEs, 359 user/group/other have no permissions */ 360 inode->i_mode &= ~(S_IRWXUGO); 361 362 acl_base = (char *)pdacl; 363 acl_size = sizeof(struct cifs_acl); 364 365 num_aces = le32_to_cpu(pdacl->num_aces); 366 if (num_aces > 0) { 367 umode_t user_mask = S_IRWXU; 368 umode_t group_mask = S_IRWXG; 369 umode_t other_mask = S_IRWXO; 370 371 ppace = kmalloc(num_aces * sizeof(struct cifs_ace *), 372 GFP_KERNEL); 373 374 for (i = 0; i < num_aces; ++i) { 375 ppace[i] = (struct cifs_ace *) (acl_base + acl_size); 376#ifdef CONFIG_CIFS_DEBUG2 377 dump_ace(ppace[i], end_of_acl); 378#endif 379 if (compare_sids(&(ppace[i]->sid), pownersid)) 380 access_flags_to_mode(ppace[i]->access_req, 381 ppace[i]->type, 382 &(inode->i_mode), 383 &user_mask); 384 if (compare_sids(&(ppace[i]->sid), pgrpsid)) 385 access_flags_to_mode(ppace[i]->access_req,