ksmbd: Fix read on the uninitialized pointer sess

There is a error handling case that passes control to label out_err without pointer sess being assigned a value. The unassigned pointer may be any garbage value and so the test of rc < 0 && sess maybe true leading to sess being passed to the call to ksmbd_session_destroy. Fix this by setting sess to NULL in this corner case. Addresses-Coverity: ("Uninitialized pointer read") Signed-off-by: Colin Ian King <[email protected]> Signed-off-by: Namjae Jeon <[email protected]> Signed-off-by: Steve French <[email protected]>
sm00th · Jul 6, 2021 · 4951a84 · 4951a84
1 parent 465d720
commit 4951a84
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
@@ -1615,6 +1615,7 @@ int smb2_sess_setup(struct ksmbd_work *work)
 	} else if ((conn->dialect < SMB30_PROT_ID ||
 		    server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) &&
 		   (req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) {
+		sess = NULL;
 		rc = -EACCES;
 		goto out_err;
 	} else {