lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Dec 2010 12:26:23 +0100 From: "Andreas.Eversberg" <Andreas.Eversberg@...satel.de> To: "Jesper Juhl" <jj@...osbits.net>, "Karsten Keil" <isdn@...ux-pingi.de> Cc: "David S. Miller" <davem@...emloft.net>, "Julia Lawall" <julia@...u.dk>, "Tejun Heo" <tj@...nel.org>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org> Subject: AW: [PATCH] ISDN cmx: Avoid potential NULL deref in dsp_cmx_send_member() and shrink code size. hi jesper, thanx for finding the bug. i think the right solution to solve the problem would be: if (dsp->conf && dsp->conf->software && dsp->conf->hardware) tx_data_only = 1; -> if (dsp->echo.software && dsp->echo.hardware) tx_data_only = 1; this is how it looks in the 'socket' branch of mISDN git respository. it has been fixed already. but i cannot tell in which commit. my current head is this commit: commit 45a51eed1c554a4891b48b88c270f4f95bd21df0 what branch do you use? regards, andreas -----Ursprüngliche Nachricht----- Von: Jesper Juhl [mailto:jj@...osbits.net] Gesendet: Samstag, 18. Dezember 2010 23:34 An: Karsten Keil Cc: David S. Miller; Julia Lawall; Tejun Heo; netdev@...r.kernel.org; linux-kernel@...r.kernel.org; Andreas Eversberg Betreff: [PATCH] ISDN cmx: Avoid potential NULL deref in dsp_cmx_send_member() and shrink code size. Hi there, In drivers/isdn/mISDN/dsp_cmx.c::dsp_cmx_send_member() we currently have this code: if (dsp->conf && dsp->conf->software && dsp->conf->hardware) tx_data_only = 1; if (dsp->conf->software && dsp->echo.hardware) tx_data_only = 1; The first line implies that 'dsp->conf' may be NULL. If it is, then the third line will dereference a NULL pointer. This patch reworks the code so that we avoid the potential NULL deref. It also has the added benefit that the object file size shrinks a bit. before: text data bss dec hex filename 18840 112 5784 24736 60a0 drivers/isdn/mISDN/dsp_cmx.o after: text data bss dec hex filename 18816 112 5776 24704 6080 drivers/isdn/mISDN/dsp_cmx.o Signed-off-by: Jesper Juhl <jj@...osbits.net> --- dsp_cmx.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) compile tested only diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c index 76d9e67..f76f595 100644 --- a/drivers/isdn/mISDN/dsp_cmx.c +++ b/drivers/isdn/mISDN/dsp_cmx.c @@ -1326,10 +1326,9 @@ dsp_cmx_send_member(struct dsp *dsp, int len, s32 *c, int members) dsp->last_tx = 0; return; } - if (dsp->conf && dsp->conf->software && dsp->conf->hardware) - tx_data_only = 1; - if (dsp->conf->software && dsp->echo.hardware) - tx_data_only = 1; + if (dsp->conf && dsp->conf->software) + if (dsp->conf->hardware || dsp->echo.hardware) + tx_data_only = 1; } #ifdef CMX_DEBUG -- Jesper Juhl <jj@...osbits.net> http://www.chaosbits.net/ Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html Plain text mails only, please. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists