lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 31 Dec 2021 15:42:01 +0800
From:   zhanchengbin <zhanchengbin1@...wei.com>
To:     Theodore Ts'o <tytso@....edu>
CC:     <linux-ext4@...r.kernel.org>, <liuzhiqiang26@...wei.com>,
        <linfeilong@...wei.com>, <wubo40@...wei.com>
Subject: [PATCH v2 2/6] lib/ss: check whether argp is null before accessing
 it, in ss_execute_command()

In ss_execute_command(), we should check whether argp is null before 
accessing it,
otherwise the null potinter dereference error may occur.

Signed-off-by: zhanchengbin <zhanchengbin1@...wei.com>
---
  lib/ss/execute_cmd.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/lib/ss/execute_cmd.c b/lib/ss/execute_cmd.c
index d443a468..b6e4a5dc 100644
--- a/lib/ss/execute_cmd.c
+++ b/lib/ss/execute_cmd.c
@@ -171,6 +171,8 @@ int ss_execute_command(int sci_idx, register char 
*argv[])
  	for (argp = argv; *argp; argp++)
  		argc++;
  	argp = (char **)malloc((argc+1)*sizeof(char *));
+	if (argp == NULL)
+		return (SS_ET_COMMAND_NOT_FOUND);
  	for (i = 0; i <= argc; i++)
  		argp[i] = argv[i];
  	i = really_execute_command(sci_idx, argc, &argp);
-- 
2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ