| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 10 Jul 2011 02:02:54 -0400 From: Arnaud Lacombe <lacombar@...il.com> To: Andrej Gelenberg <andrej.gelenberg@....edu> Cc: linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org Subject: Re: [PATCH] nconfig: prevent segfault on empty menu Hi, On Sat, Jul 9, 2011 at 10:04 PM, Andrej Gelenberg <andrej.gelenberg@....edu> wrote: > Hello, > > i found and fixed an NULL-dereference bug in nconf tool. > > How to reproduce: > 1. $ make nconfig > 2. disable "Kernel hacking -> Debug Filesystem" > 3. go to "General setup -> GCOV-based kernel profiling" and hit F2 > it should segfault > > Fix: i have added some checks for "struct menu*" to be NULL before it > get dereferenced > I am not a huge fan of this. The frontend should be careful not to try to request the visibility or the prompt of an invalid menu. Following this point of view, I would rather see assertion added than a test for NULL, and fix the frontend appropriately to catch those case. Said otherwise, there is no reason to apply a fix on the backend for an nconfig-only issue. - Arnaud > Regards, > Andrej Gelenberg > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists