Opened 7 years ago
Last modified 7 years ago
#16836 closed defect
sf_unlink_aux: potential null pointer dereference on dentry — at Initial Version
| Reported by: | ColinIanKing | Owned by: | |
|---|---|---|---|
| Component: | other | Version: | VirtualBox 5.1.22 |
| Keywords: | dentry null pointer dereference | Cc: | |
| Guest type: | Linux | Host type: | Linux |
Description
Function sf_unlink_aux() in vboxsf/dirops.c performs a dereference on dentry with the following call:
```c
err = sf_path_from_dentry(func, sf_g, sf_i, dentry, &path);
```
However, a few statements later dentry is being checked to see if it is a NULL pointer:
```c
if (   dentry
    && dentry->d_inode
    && ((dentry->d_inode->i_mode & S_IFLNK) == S_IFLNK))
    fFlags |= SHFL_REMOVE_SYMLINK;
```
Either that null pointer check is redundant or dentry really could be NULL, in which case the earlier call to sf_path_from_dentry with a null dentry can trip a null pointer dereference bug on dentry.
Anyhow, the current code looks suspect and should be fixed.
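The ordering reported above, next to a check-before-use variant, as an added user-space sketch that is not VirtualBox code and not part of the original ticket. The `model_*` types, the `MODEL_*` flag values and the `-EINVAL` return are constructed assumptions; only the order of the dereference and the NULL test mirrors the ticket.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed stand-ins for the kernel types: only the fields the ticket touches. */
struct model_inode  { unsigned int i_mode; };
struct model_dentry { const char *d_name; struct model_inode *d_inode; };

#define MODEL_S_IFLNK        0120000u /* same value as Linux S_IFLNK */
#define MODEL_REMOVE_FILE    0x1u     /* constructed flag value */
#define MODEL_REMOVE_SYMLINK 0x4u     /* constructed flag value */

/* Stand-in for sf_path_from_dentry(): reads through dentry unconditionally. */
static int model_path_from_dentry(const struct model_dentry *dentry, const char **path)
{
    *path = dentry->d_name;
    return 0;
}

/* Ordering from the ticket: dentry is used first and tested for NULL later. */
int flags_as_reported(const struct model_dentry *dentry, unsigned int *flags)
{
    const char *path;
    int err = model_path_from_dentry(dentry, &path); /* faults here if dentry == NULL */
    if (err)
        return err;
    (void)path;
    *flags = MODEL_REMOVE_FILE;
    if (dentry && dentry->d_inode
        && (dentry->d_inode->i_mode & MODEL_S_IFLNK) == MODEL_S_IFLNK)
        *flags |= MODEL_REMOVE_SYMLINK; /* the dentry test can never be false here */
    return 0;
}

/* Check-before-use: assumes a NULL dentry is possible and must be rejected. */
int flags_checked(const struct model_dentry *dentry, unsigned int *flags)
{
    const char *path;
    int err;
    if (!dentry)
        return -EINVAL; /* assumed error code, chosen for this sketch */
    err = model_path_from_dentry(dentry, &path);
    if (err)
        return err;
    (void)path;
    *flags = MODEL_REMOVE_FILE;
    if (dentry->d_inode && (dentry->d_inode->i_mode & MODEL_S_IFLNK) == MODEL_S_IFLNK)
        *flags |= MODEL_REMOVE_SYMLINK;
    return 0;
}

int main(void) { unsigned int f = 0; return flags_checked(NULL, &f) == -EINVAL ? 0 : 1; }
```

If dentry can never be NULL at this call site, the other resolution is to drop the `dentry &&` term and keep only the `d_inode` test.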

