linux-stable/fs
Makar Semyonov 3c26a8d30e cifs: prevent NULL pointer dereference in UTF16 conversion
commit 70bccd9855 upstream.

There can be a NULL pointer dereference bug here. NULL is passed to
__cifs_sfu_make_node without checks, which passes it unchecked to
cifs_strndup_to_utf16, which in turn passes it to
cifs_local_to_utf16_bytes where '*from' is dereferenced, causing a crash.

This patch adds a check for NULL 'src' in cifs_strndup_to_utf16 and
returns NULL early to prevent dereferencing a NULL pointer.

Found by Linux Verification Center (linuxtesting.org) with SVACE

Signed-off-by: Makar Semyonov <m.semenov@tssltd.ru>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-09-09 19:02:34 +02:00
9p
adfs
affs
afs afs: Set vllist to NULL if addr parsing fails 2025-07-23 13:54:34 +02:00
autofs
bcachefs bcachefs: Add missing snapshots_seen_add_inorder() 2025-07-24 22:56:37 -04:00
befs
bfs
btrfs btrfs: zoned: skip ZONE FINISH of conventional zones 2025-09-09 19:02:16 +02:00
cachefiles cachefiles: Fix the incorrect return value in __cachefiles_write() 2025-07-10 09:40:17 +02:00
ceph parse_longname(): strrchr() expects NUL-terminated string 2025-08-15 16:38:21 +02:00
coda
configfs
cramfs
crypto fscrypt: Don't use problematic non-inline crypto engines 2025-08-20 18:40:48 +02:00
debugfs debugfs: fix mount options not being applied 2025-08-28 16:34:38 +02:00
devpts
dlm
ecryptfs
efivarfs efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare 2025-09-04 16:55:43 +02:00
efs
erofs erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC 2025-09-04 16:55:31 +02:00
exfat exfat: add cluster chain loop check for dir 2025-08-20 18:41:29 +02:00
exportfs
ext2 ext2: Handle fiemap on empty files to prevent EINVAL 2025-08-20 18:40:56 +02:00
ext4 ext4: fix hole length calculation overflow in non-extent inodes 2025-08-28 16:34:15 +02:00
f2fs f2fs: fix to avoid out-of-boundary access in dnode page 2025-08-28 16:34:25 +02:00
fat
freevxfs
fuse vfs-6.16-rc5.fixes 2025-07-04 09:06:49 -07:00
gfs2 gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops 2025-08-20 18:40:54 +02:00
hfs hfs: fix not erasing deleted b-tree node issue 2025-08-20 18:40:55 +02:00
hfsplus hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() 2025-08-20 18:40:53 +02:00
hostfs
hpfs
hugetlbfs
iomap iomap: Fix broken data integrity guarantees for O_SYNC writes 2025-08-28 16:34:25 +02:00
isofs isofs: Verify inode mode when loading from disk 2025-07-11 11:39:31 +02:00
jbd2 jbd2: prevent softlockup in jbd2_log_do_checkpoint() 2025-08-28 16:34:25 +02:00
jffs2
jfs jfs: upper bound check of tree index in dbAllocAG 2025-08-20 18:41:23 +02:00
kernfs
lockd
minix
netfs netfs: Fix unbuffered write error handling 2025-08-28 16:34:13 +02:00
nfs NFS: Fix a race when updating an existing write 2025-08-28 16:34:35 +02:00
nfs_common NFS/localio: nfs_uuid_put() fix the wake up after unlinking the file 2025-08-15 16:39:27 +02:00
nfsd NFSD: detect mismatch of file handle and delegation stateid in OPEN op 2025-08-20 18:40:47 +02:00
nilfs2 nilfs2: reject invalid file types when reading inodes 2025-07-19 19:26:16 -07:00
nls
notify fanotify: sanitize handle_type values when reporting fid 2025-08-15 16:39:02 +02:00
ntfs3 fs/ntfs3: correctly create symlink for relative path 2025-08-20 18:40:55 +02:00
ocfs2 ocfs2: prevent release journal inode after journal shutdown 2025-09-09 19:02:31 +02:00
omfs
openpromfs
orangefs fs/orangefs: use snprintf() instead of sprintf() 2025-08-20 18:41:22 +02:00
overlayfs ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() 2025-08-28 16:34:41 +02:00
proc proc: fix missing pde_set_flags() for net proc files 2025-09-09 19:02:31 +02:00
pstore
qnx4
qnx6
quota
ramfs
resctrl
romfs
smb cifs: prevent NULL pointer dereference in UTF16 conversion 2025-09-09 19:02:34 +02:00
squashfs squashfs: fix memory leak in squashfs_fill_super 2025-08-28 16:34:35 +02:00
sysfs
tests
tracefs tracefs: Add d_delete to remove negative dentries 2025-08-20 18:40:56 +02:00
ubifs
udf udf: Verify partition map count 2025-08-20 18:40:54 +02:00
ufs fix the regression in ufs options parsing 2025-07-23 11:45:04 -04:00
unicode
vboxsf
verity
xfs xfs: do not propagate ENODATA disk errors into xattr code 2025-09-04 16:55:48 +02:00
zonefs
aio.c
anon_inodes.c
attr.c
backing-file.c
bad_inode.c
binfmt_elf_fdpic.c
binfmt_elf.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
bpf_fs_kfuncs.c
buffer.c fs/buffer: fix use-after-free when call bh_read() helper 2025-08-28 16:34:38 +02:00
char_dev.c
compat_binfmt_elf.c
coredump.c
d_path.c
dax.c
dcache.c
direct-io.c
drop_caches.c
eventfd.c
eventpoll.c eventpoll: fix sphinx documentation build warning 2025-08-15 16:38:24 +02:00
exec.c anon_inode: rework assertions 2025-07-02 14:41:39 +02:00
fcntl.c
fhandle.c fhandle: do_handle_open() should get FD with user flags 2025-08-28 16:34:38 +02:00
file_table.c
file.c fs: Prevent file descriptor table allocations exceeding INT_MAX 2025-08-20 18:40:48 +02:00
filesystems.c
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c fs: writeback: fix use-after-free in __mark_inode_dirty() 2025-09-09 19:02:16 +02:00
fsopen.c
init.c
inode.c
internal.h libfs: massage path_from_stashed() to allow custom stashing behavior 2025-08-28 16:34:38 +02:00
ioctl.c
Kconfig
Kconfig.binfmt
kernel_read_file.c
libfs.c libfs: massage path_from_stashed() to allow custom stashing behavior 2025-08-28 16:34:38 +02:00
locks.c
Makefile
mbcache.c
mnt_idmapping.c
mount.h
mpage.c
namei.c vfs-6.16-rc5.fixes 2025-07-04 09:06:49 -07:00
namespace.c use uniform permission checks for all mount propagation changes 2025-08-28 16:34:38 +02:00
nsfs.c
open.c
pidfs.c pidfs: raise SB_I_NODEV and SB_I_NOEXEC 2025-08-20 18:40:55 +02:00
pipe.c
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c
readdir.c
remap_range.c
select.c
seq_file.c
signalfd.c
splice.c netfs: Fix unbuffered write error handling 2025-08-28 16:34:13 +02:00
stack.c
stat.c
statfs.c
super.c
sync.c
sysctls.c
timerfd.c
userfaultfd.c
utimes.c
xattr.c