| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Jan 2016 14:15:54 +0300 From: Denis Kirjanov <kda@...ux-powerpc.org> To: Baozeng Ding <sploving1@...il.com> Cc: davem@...emloft.net, netdev@...r.kernel.org Subject: Re: [PATCH v3] netlink: fix null pointer dereference on nlk->groups On 1/12/16, Baozeng Ding <sploving1@...il.com> wrote: > If groups is not 0 and nlk->groups is NULL, it will not return > immediately and cause a null pointer dereference later. > > Signed-off-by: Baozeng Ding <sploving1@...il.com> > --- > The v3 version adds WARN_ON, suggested by David Miller. Thanks for > David's feedback. But can you explain how can we get to this situation? > --- > net/netlink/af_netlink.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c > index 59651af..f93d579 100644 > --- a/net/netlink/af_netlink.c > +++ b/net/netlink/af_netlink.c > @@ -1576,7 +1576,10 @@ static int netlink_bind(struct socket *sock, struct > sockaddr *addr, > } > } > > - if (!groups && (nlk->groups == NULL || !(u32)nlk->groups[0])) > + if (WARN_ON(!nlk->groups)) > + return 0; > + > + if (!groups && !(u32)nlk->groups[0]) > return 0; > > netlink_table_grab(); > -- > 1.9.1 > >
Powered by blists - more mailing lists