| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jul 2019 16:41:56 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: r.marek@...embler.cz, jdelvare@...e.com, linux@...ck-us.net
Cc: linux-hwmon@...r.kernel.org, linux-kernel@...r.kernel.org,
Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH] hwmon: w83793: Fix possible null-pointer dereferences in watchdog_open()
In watchdog_open(), data is initialized as NULL.
After the loop "list_for_each_entry" on lines 1302-1307,
data may not be assigned, thus data is still NULL.
In this case, data is used on line 1310:
watchdog_is_open = test_and_set_bit(0, &data->watchdog_is_open);
and on line 1317:
kref_get(&data->kref);
and on line 1326:
watchdog_enable(data);
Thus, possible null-pointer dereferences may occur.
To fix these bugs, data is checked after the loop.
If it is NULL, the mutex lock is released and -EINVAL is returned.
These bugs are found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
drivers/hwmon/w83793.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/hwmon/w83793.c b/drivers/hwmon/w83793.c
index 46f5dfec8d0a..f299716d5d94 100644
--- a/drivers/hwmon/w83793.c
+++ b/drivers/hwmon/w83793.c
@@ -1306,6 +1306,11 @@ static int watchdog_open(struct inode *inode, struct file *filp)
}
}
+ if (!data) {
+ mutex_unlock(&watchdog_data_mutex);
+ return -EINVAL;
+ }
+
/* Check, if device is already open */
watchdog_is_open = test_and_set_bit(0, &data->watchdog_is_open);
--
2.17.0
Powered by blists - more mailing lists