Message-Id: <20070418091626.925f2d72.akpm@linux-foundation.org>
Date:	Wed, 18 Apr 2007 09:16:26 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Kenji Kaneshige <kaneshige.kenji@...fujitsu.com>
Cc:	izumi2005@...t.fujitsu.com, linux-kernel@...r.kernel.org,
	linux-serial@...r.kernel.org, rmk@....linux.org.uk
Subject: Re: [PATCH][BUG] Fix possible NULL pointer access in 8250 serial
 driver

> On Wed, 18 Apr 2007 17:21:53 +0900 Kenji Kaneshige <kaneshige.kenji@...fujitsu.com> wrote:
> > I'd imagine that other serial drivers might get upset having their
> > ->get_mctrl() called prior to being opened.  Perhaps we should be fixing
> > this in uart_read_proc()?
> > 
> 
> I looked at other serial drivers and I could not find any other
> drivers which access port->info in their ->get_mctrl(). This
> is why we fix this problem in 8250 driver. But if there is a
> possibility that other drivers access port->info in their
> ->get_mctrl(), we should be fixing this in uart_read_proc(), as
> you said.

OK.  But port->info might not be the only state which is initialised
in open() which is used in get_mctrl().

> How about the following patch? We've also confirmed the problem
> is fixed by it.
> 

Thanks.  Or we could just avoid calling into ->get_mctrl() if the port isn't
opened.  Russell?  Any preferences?

> 
> 
> This patch fixes the problem that uninitialized (NULL) 'info' member
> of uart_port structure can be accessed if serial driver is accessed
> through /proc filesystem before uart_open(), which initializes the
> 'info' member, is called.
> 
> Signed-off-by: Kenji Kaneshige <kaneshige.kenji@...fujitsu.com>
> Signed-off-by: Taku Izumi <izumi2005@...t.fujitsu.com>
> 
> ---
>  drivers/serial/serial_core.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Index: linux-2.6.21-rc5/drivers/serial/serial_core.c
> ===================================================================
> --- linux-2.6.21-rc5.orig/drivers/serial/serial_core.c
> +++ linux-2.6.21-rc5/drivers/serial/serial_core.c
> @@ -1665,7 +1665,7 @@ static int uart_line_info(char *buf, str
>  	unsigned int status;
>  	int mmio, ret;
>  
> -	if (!port)
> +	if (!port || !port->info)
>  		return 0;
>  
>  	mmio = port->iotype >= UPIO_MEM;
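
Review bot: The added `!port->info` test at the top of uart_line_info() returns 0 before the function does anything else, so a port that has not been opened loses everything this function would do for it, not only the part that depends on `info`. As noted in this thread, ->get_mctrl() may also use other state that is only initialised in open(), so a narrower change would be to keep `if (!port)` as it was and skip just the ->get_mctrl() call when the port is not open. A one-line comment next to the check saying that `info` is set up by uart_open() would make the reason for it clear to later readers.
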
> 