Date:   Tue, 10 Oct 2017 10:52:01 +0800
From:   Wei Yang <richard.weiyang@...il.com>
To:     mawilcox@...rosoft.com, akpm@...ux-foundation.org
Cc:     linux-kernel@...r.kernel.org, Wei Yang <richard.weiyang@...il.com>
Subject: [PATCH] radix-tree: get_slot_offset() returns invalid offset when parent is NULL

When parent is NULL, get_slot_offset() returns almost the address of slot.
This is an invalid value for offset.

One possible scenario happens when deleting index #0, when it is the only one
in the tree.

Current behavior doesn't harm the system, because the offset will not be
used when parent is NULL in the following procedure or parent is checked
before get_slot_offset() is called. Still, it is not safe to return an
invalid offset.

This patch returns 0 when parent is NULL in get_slot_offset().

Signed-off-by: Wei Yang <richard.weiyang@...il.com>
---
 lib/radix-tree.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/radix-tree.c b/lib/radix-tree.c
index 898e87998417..f006f6928eda 100644
--- a/lib/radix-tree.c
+++ b/lib/radix-tree.c
@@ -119,7 +119,7 @@ bool is_sibling_entry(const struct radix_tree_node *parent, void *node)
 static inline unsigned long
 get_slot_offset(const struct radix_tree_node *parent, void __rcu **slot)
 {
-	return slot - parent->slots;
+	return parent ? (slot - parent->slots):0;
 }
 
 static unsigned int radix_tree_descend(const struct radix_tree_node *parent,
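
Review bot: the new return in get_slot_offset() makes a NULL parent indistinguishable from a real slot at offset 0, so a caller that reaches it without checking parent now receives a plausible index instead of an obviously wrong one. The commit message says every current caller either checks parent first or ignores the offset; that contract should be written down in a comment above the function, stating that 0 is returned for a NULL parent and that the value is only meaningful when parent is non-NULL. Style point on the same line: kernel coding style puts spaces around both ternary operators, and the parentheses are not needed, so `return parent ? slot - parent->slots : 0;` reads better.
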
-- 
2.11.0
