smb: client: Add check for next_buffer in receive_encrypted_standard()

Add check for the return value of cifs_buf_get() and cifs_small_buf_get()
in receive_encrypted_standard() to prevent null pointer dereference.

Fixes: eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()")
Cc: stable@vger.kernel.org
Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index 23e0c8be7fb5271c041d7a64c2ea29fad1860b16..4dd11eafb69d9cc7e79de85ed07e0c54af21174e 100644 (file)
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -4965,6 +4965,10 @@ one_more:
                        next_buffer = (char *)cifs_buf_get();
                else
                        next_buffer = (char *)cifs_small_buf_get();
+               if (!next_buffer) {
+                       cifs_server_dbg(VFS, "No memory for (large) SMB response\n");
+                       return -1;
+               }
                memcpy(next_buffer, buf + next_cmd, pdu_length - next_cmd);
        }