From ac2078a8bf5abcf87bddca393290cb9e0c151de5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beat=20K=C3=BCng?= <beat-kueng@gmx.net>
Date: Wed, 9 Apr 2025 11:11:31 +0200
Subject: [PATCH] fs/procfs: fix potential null pointer access in
 procfs_opendir
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Some entries have the opendir function set to NULL, for example
g_mount_operations.

A null pointer dereference can be triggered by an
opendir("/proc/fs/blocks") for example.

Signed-off-by: Beat Küng <beat-kueng@gmx.net>
---
 fs/procfs/fs_procfs.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fs/procfs/fs_procfs.c b/fs/procfs/fs_procfs.c
index 627d03e0e1..c5958fb318 100644
--- a/fs/procfs/fs_procfs.c
+++ b/fs/procfs/fs_procfs.c
@@ -714,8 +714,12 @@ static int procfs_opendir(FAR struct inode *mountpt, FAR const char *relpath,
                * derived from struct procfs_dir_priv_s as dir.
                */
 
-              DEBUGASSERT(g_procfs_entries[x].ops != NULL &&
-                          g_procfs_entries[x].ops->opendir != NULL);
+              DEBUGASSERT(g_procfs_entries[x].ops != NULL);
+
+              if (g_procfs_entries[x].ops->opendir == NULL)
+                {
+                  return -ENOENT;
+                }
 
               ret = g_procfs_entries[x].ops->opendir(relpath, dir);
               if (ret == OK)