Date:	Wed, 12 Mar 2008 11:08:57 -0400 (EDT)
From:	Alan Stern <stern@...land.harvard.edu>
To:	Boaz Harrosh <bharrosh@...asas.com>
cc:	James Bottomley <James.Bottomley@...senPartnership.com>,
	Matthew Dharm <mdharm-usb@...-eyed-alien.net>,
	Sven Schnelle <svens@...ckframe.org>,
	<linux-kernel@...r.kernel.org>,
	linux-scsi <linux-scsi@...r.kernel.org>,
	FUJITA Tomonori <fujita.tomonori@....ntt.co.jp>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] [SCSI] gdth: Allocate sense_buffer to prevent NULL
 pointer dereference

On Wed, 12 Mar 2008, Boaz Harrosh wrote:

> OK, now I see isd200_ata_command() is called from a usb.c internal thread.
> 
> What I need to do is call scsi_get_command(scsi_device*) on first invocation.

Why?

> Now for the call to scsi_put_command()? At the time of the call to 
> isd200_free_info_ptrs() do you think I still have a valid scsi_device at this point?

Definitely not.

> What I will do is this. I will resend my original patch with your comments
> fixed. This is for the 2.6.25-rc. And I will send another patch that uses
> the proper scsi_get/put_command() for testing and inclusion into the 2.6.26 kernel.
> Please ACK on the patch

Okay.

> > Yes.  The three lines of code there are unnecessary.  You should remove
> > them (and the comment) instead of adding more somewhere else.  Or if
> > you want to keep them, just add a line to kfree(us->extra) before 
> > us->extra is set to NULL.
> 
> How are they unnecessary? Who will free them? Otherwise they will only be
> freed at the very end.

That's what I meant.

> And that is only because usb_stor_transparent_scsi_command()
> does not need any us->extra of its own. But if ever it will, then this code
> buried here will become a leak.

Any additional resources needed by the transparent-SCSI handler will be 
added directly into the main us_data structure; they won't be part of 
us->extra.  That hook was meant specifically for use by the nonstandard 
subdrivers.

But on the whole you are right, and I agree with the change in your 
follow-up patch.

Alan Stern
