lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070904210630.GD4117@kernel.dk>
Date:	Tue, 4 Sep 2007 23:06:30 +0200
From:	Jens Axboe <jens.axboe@...cle.com>
To:	Simon Holm Thøgersen <odie@...aau.dk>
Cc:	Micah Gruber <micah.gruber@...il.com>,
	linux-kernel@...r.kernel.org,
	linux-usb-devel@...ts.sourceforge.net, gregkh@...e.de
Subject: Re: [PATCH] Fix a potential NULL pointer dereference in
	usbat_check_status()  in drivers/usb/storage/shuttle_usbat.c

On Tue, Sep 04 2007, Simon Holm Thøgersen wrote:
> tir, 04 09 2007 kl. 13:06 +0200, skrev Jens Axboe:
> > On Tue, Sep 04 2007, Micah Gruber wrote:
> > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> > > 
> > > Signed-off-by: Micah Gruber <micah.gruber@...il.com>
> > 
> > Be careful with stuff like that, if you actually look at the code, a us
> > == NULL doesn't seem to be possible (or usbat_flash_transport() would
> > have oopsed before).
> > 
> If that is true, then
>         if (!us)
>                 return USB_STOR_TRANSPORT_ERROR;
> is utterly pointless.

Well that was the point I was trying to make, that test and return
should be deleted instead.

-- 
Jens Axboe

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ