| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Apr 2017 16:00:27 +0800
From: PanBian <bianpan2016@....com>
To: Joe Perches <joe@...ches.com>
Cc: Ying Xue <ying.xue@...driver.com>,
"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
tipc-discussion@...ts.sourceforge.net, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] tipc: check return value of nlmsg_new
On Sun, Apr 23, 2017 at 12:17:16AM -0700, Joe Perches wrote:
> On Sun, 2017-04-23 at 15:09 +0800, Pan Bian wrote:
> > Function nlmsg_new() will return a NULL pointer if there is no enough
> > memory, and its return value should be checked before it is used.
> > However, in function tipc_nl_node_get_monitor(), the validation of the
> > return value of function nlmsg_new() is missed. This patch fixes the
> > bug.
>
> Hello.
>
> Thanks for the patches.
>
> Are you finding these via a tool or inspection?
>
> If a tool is being used, could you please describe it?
>
Yes. I developed a tool to find this kind of bugs.
The detecting idea is simple. In large systems like the Linux kernel,
most implementations are correct, and incorrect ones are rare. Based on
this observation, we take programs that have different implementations
with others as bugs. For example, in most cases, the return vlaue of
nlmsg_new() is validated and it will not be passed to genlmsg_reply() if
its value is NULL. However, in function tipc_nl_node_get_monitor(), the
validation is missing. The abnormal behavior leads us to believe that
there is a bug.
Thanks for your attention.
Powered by blists - more mailing lists