| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <10e7ffbc-2d79-f970-a55a-a219ebd32f24@huawei.com>
Date: Fri, 3 Dec 2021 14:27:50 +0800
From: zhanchengbin <zhanchengbin1@...wei.com>
To: Theodore Ts'o <tytso@....edu>
CC: <linux-ext4@...r.kernel.org>, <liuzhiqiang26@...wei.com>,
<linfeilong@...wei.com>
Subject: [PATCH 2/6] lib/ss: check whether argp is null before accessing it in
ss_execute_command()
In ss_execute_command(), we should check whether argp is null before
accessing it,
otherwise the null potinter dereference error may occur.
Signed-off-by: zhanchengbin <zhanchengbin1@...wei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@...wei.com>
---
lib/ss/execute_cmd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/ss/execute_cmd.c b/lib/ss/execute_cmd.c
index d443a468..b6e4a5dc 100644
--- a/lib/ss/execute_cmd.c
+++ b/lib/ss/execute_cmd.c
@@ -171,6 +171,8 @@ int ss_execute_command(int sci_idx, register char
*argv[])
for (argp = argv; *argp; argp++)
argc++;
argp = (char **)malloc((argc+1)*sizeof(char *));
+ if (argp == NULL)
+ return (SS_ET_COMMAND_NOT_FOUND);
for (i = 0; i <= argc; i++)
argp[i] = argv[i];
i = really_execute_command(sci_idx, argc, &argp);
--
2.23.0
Powered by blists - more mailing lists