From a3a7bc82f09ff674a25f12c98610d37c16576177 Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Fri, 14 Feb 2014 12:05:49 +0300
Subject: [PATCH] fs: NULL dereference in posix_acl_to_xattr()

commit 47ba9734403770a4c5e685b01f0a72b835dd4fff upstream.

This patch moves the dereference of "buffer" after the check for NULL. The only place which passes a NULL parameter is gfs2_set_acl().

Change-Id: I7ede500c05e646e4c07238d159b8f182a1fbf80d
Signed-off-by: Dan Carpenter
Signed-off-by: Steven Whitehouse
Signed-off-by: Greg Kroah-Hartman
---
 fs/posix_acl.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index 37865a0fe016..29947dbf69ae 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -686,7 +686,7 @@ posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl,
 void *buffer, size_t size)
 {
 posix_acl_xattr_header *ext_acl = (posix_acl_xattr_header *)buffer;
- posix_acl_xattr_entry *ext_entry = ext_acl->a_entries;
+ posix_acl_xattr_entry *ext_entry;
 int real_size, n;
 
 real_size = posix_acl_xattr_size(acl->a_count);
@@ -694,7 +694,8 @@ posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl,
 return real_size;
 if (real_size > size)
 return -ERANGE;
-
+
+ ext_entry = ext_acl->a_entries;
 ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION);
 
 for (n=0; n < acl->a_count; n++, ext_entry++) {
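Review bot: The ordering this fix depends on is not documented at the new `ext_entry = ext_acl->a_entries;` line in the second hunk, so a later cleanup could fold the assignment back into the declaration and reintroduce the NULL dereference. I would add a comment above it such as `/* buffer may be NULL for a size query; only touch ext_acl after the NULL and size checks above */`. In the first hunk `ext_acl` is still initialised from `buffer` at its declaration; that is only a cast, but assigning it next to `ext_entry` would keep both pointers on the checked side of the `real_size > size` guard that bounds the writes in the loop. The NULL test itself appears to sit on the line between the two hunks and is not visible here, and the function body continues past the end of the second hunk.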