| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DF2D8745-9436-429C-BE08-555F745E9D11@ddn.com> Date: Fri, 2 Jan 2015 17:55:50 +0000 From: Ashley Pittman <apittman@....com> To: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se> CC: Oleg Drokin <oleg.drokin@...el.com>, Andreas Dilger <andreas.dilger@...el.com>, "HPDD-discuss@...ts.01.org" <HPDD-discuss@...ts.01.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "devel@...verdev.osuosl.org" <devel@...verdev.osuosl.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [HPDD-discuss] [PATCH] staging: lustre: lustre: include: lustre_update.h: Fix for possible null pointer dereference Rickard, > On 21 Dec 2014, at 22:43, Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se> wrote: > > The NULL check was done to late, and there it was a risk > of a possible null pointer dereference. > > This was partially found by using a static code analysis program called cppcheck. > > Signed-off-by: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se> > --- > drivers/staging/lustre/lustre/include/lustre_update.h | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/staging/lustre/lustre/include/lustre_update.h b/drivers/staging/lustre/lustre/include/lustre_update.h > index 84defce..00e1361 100644 > --- a/drivers/staging/lustre/lustre/include/lustre_update.h > +++ b/drivers/staging/lustre/lustre/include/lustre_update.h > @@ -165,12 +165,14 @@ static inline int update_get_reply_buf(struct update_reply *reply, void **buf, > int result; > > ptr = update_get_buf_internal(reply, index, &size); > + > + LASSERT((ptr != NULL && size >= sizeof(int))); > + > result = *(int *)ptr; > > if (result < 0) > return result; > > - LASSERT((ptr != NULL && size >= sizeof(int))); This looks odd to me, LASSERT is essentially BUG_ON() so is used for checking logic bugs. Moving LASSERT calls doesn’t seem the correct way of resolving a logic problem and if you’re doing static analysis it might be more productive to do it this with LASSERT disabled. > *buf = ptr + sizeof(int); > return size - sizeof(int); > } > -- > 1.7.10.4 > > _______________________________________________ > HPDD-discuss mailing list > HPDD-discuss@...ts.01.org > https://lists.01.org/mailman/listinfo/hpdd-discuss
Powered by blists - more mailing lists