lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Aug 2012 22:33:12 +0200 (CEST) From: Jesper Juhl <jj@...osbits.net> To: linux-kernel@...r.kernel.org cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>, Sjur Braendeland <sjur.brandeland@...ricsson.com>, Daniel Martensson <Daniel.Martensson@...ricsson.com> Subject: [PATCH] caif: Do not dereference NULL in chnl_recv_cb() In net/caif/chnl_net.c::chnl_recv_cb() we call skb_header_pointer() which may return NULL, but we do not check for a NULL pointer before dereferencing it. This patch adds such a NULL check and properly free's allocated memory and return an error (-EINVAL) on failure - much better than crashing.. Signed-off-by: Jesper Juhl <jj@...osbits.net> --- net/caif/chnl_net.c | 4 ++++ 1 file changed, 4 insertions(+) Note: compile tested only. diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c index 69771c0..e597733 100644 --- a/net/caif/chnl_net.c +++ b/net/caif/chnl_net.c @@ -94,6 +94,10 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt) /* check the version of IP */ ip_version = skb_header_pointer(skb, 0, 1, &buf); + if (!ip_version) { + kfree_skb(skb); + return -EINVAL; + } switch (*ip_version >> 4) { case 4: -- 1.7.11.4 -- Jesper Juhl <jj@...osbits.net> http://www.chaosbits.net/ Don't top-post http://www.catb.org/jargon/html/T/top-post.html Plain text mails only, please. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists