lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Sat, 2 Sep 2006 22:10:25 +0200
From:	Jesper Juhl <jesper.juhl@...il.com>
To:	linux-kernel@...r.kernel.org
Cc:	Manfred Spraul <manfred@...orfullife.com>,
	Andrew de Quincey <adq_dvb@...skialf.net>,
	Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@....net>,
	davem@...emloft.net
Subject: [PATCH] fix possible NULL ptr deref in forcedeth

There seems to be a possible NULL pointer deref bug in 
drivers/net/forcedeth.c::nv_loopback_test().
If dev_alloc_skb() fails, the next line will call skb_put()
with a NULL first argument which it'll then try to deref - 
kaboom: a NULL pointer deref.
Found by coverity (#1337).


Signed-off-by: Jesper Juhl <jesper.juhl@...il.com>
---

 drivers/net/forcedeth.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletion(-)

--- linux-2.6.18-rc5-git6-orig/drivers/net/forcedeth.c	2006-09-02 21:34:14.000000000 +0200
+++ linux-2.6.18-rc5-git6/drivers/net/forcedeth.c	2006-09-02 22:02:13.000000000 +0200
@@ -3656,6 +3656,12 @@ static int nv_loopback_test(struct net_d
 	/* setup packet for tx */
 	pkt_len = ETH_DATA_LEN;
 	tx_skb = dev_alloc_skb(pkt_len);
+	if (!tx_skb) {
+		printk(KERN_ERR "dev_alloc_skb() failed during loopback test"
+			 " of %s\n", dev->name);
+		ret = 0;
+		goto out;
+	}
 	pkt_data = skb_put(tx_skb, pkt_len);
 	for (i = 0; i < pkt_len; i++)
 		pkt_data[i] = (u8)(i & 0xff);
@@ -3720,7 +3726,7 @@ static int nv_loopback_test(struct net_d
 		       tx_skb->end-tx_skb->data,
 		       PCI_DMA_TODEVICE);
 	dev_kfree_skb_any(tx_skb);
-
+ out:
 	/* stop engines */
 	nv_stop_rx(dev);
 	nv_stop_tx(dev);

-- 
VGER BF report: U 0.499932
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ