e2fsprogs/0036-libsupport-fix-potental-NULL-pointer-dereferences-in.patch

From 0a219efe5b0bd1fd8c517877467d1d62d08b8f75 Mon Sep 17 00:00:00 2001
From: Lukas Czerner <lczerner@redhat.com>
Date: Fri, 6 Aug 2021 11:58:20 +0200
Subject: [PATCH] libsupport: fix potental NULL pointer dereferences in quota
 functions

get_dq() function can fail when the memory allocation fails and so we
could end up dereferencing NULL pointer. Fix it.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 lib/support/mkquota.c      | 8 ++++++--
 lib/support/quotaio_tree.c | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c
index dce077e6..ec932d13 100644
--- a/lib/support/mkquota.c
+++ b/lib/support/mkquota.c
@@ -433,7 +433,8 @@ void quota_data_sub(quota_ctx_t qctx, struct ext2_inode_large *inode,
 		dict = qctx->quota_dict[qtype];
 		if (dict) {
 			dq = get_dq(dict, get_qid(inode, qtype));
-			dq->dq_dqb.dqb_curspace -= space;
+			if (dq)
+				dq->dq_dqb.dqb_curspace -= space;
 		}
 	}
 }
@@ -460,7 +461,8 @@ void quota_data_inodes(quota_ctx_t qctx, struct ext2_inode_large *inode,
 		dict = qctx->quota_dict[qtype];
 		if (dict) {
 			dq = get_dq(dict, get_qid(inode, qtype));
-			dq->dq_dqb.dqb_curinodes += adjust;
+			if (dq)
+				dq->dq_dqb.dqb_curinodes += adjust;
 		}
 	}
 }
@@ -533,6 +535,8 @@ static int scan_dquots_callback(struct dquot *dquot, void *cb_data)
 	struct dquot *dq;
 
 	dq = get_dq(quota_dict, dquot->dq_id);
+	if (!dq)
+		return -1;
 	dq->dq_id = dquot->dq_id;
 	dq->dq_flags |= DQF_SEEN;
 
diff --git a/lib/support/quotaio_tree.c b/lib/support/quotaio_tree.c
index 6cc4fb5b..5910e637 100644
--- a/lib/support/quotaio_tree.c
+++ b/lib/support/quotaio_tree.c
@@ -601,7 +601,7 @@ static int report_tree(struct dquot *dquot, unsigned int blk, int depth,
 	__le32 *ref = (__le32 *) buf;
 
 	if (!buf)
-		return 0;
+		return -1;
 
 	read_blk(dquot->dq_h, blk, buf);
 	if (depth == QT_TREEDEPTH - 1) {
-- 
2.25.1