lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 29 Mar 2016 15:13:43 +0200
From:	"Rafael J. Wysocki" <rjw@...ysocki.net>
To:	Darren Hart <dvhart@...radead.org>
Cc:	Colin King <colin.king@...onical.com>,
	Sujith Thomas <sujith.thomas@...el.com>,
	platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] intel_menlow: set cdev after null device check to avoid null pointer dereference

On Monday, March 28, 2016 11:18:05 AM Darren Hart wrote:
> On Mon, Mar 28, 2016 at 05:18:39PM +0100, Colin King wrote:
> > From: Colin Ian King <colin.king@...onical.com>
> > 
> > intel_menlow_memory_remove sanity checks to see if device is null, however,
> > this check is performed after we have already passed device into a call
> > to acpi_driver_data.  If device is null, then acpi_driver_data will produce
> > a null pointer dereference on device. The correct action is to sanity check
> > device, then assign cdev, then check if cdev is null.
> > 
> 
> Hrm, looking at this locally, that all makes sense.
> 
> Taking a step back however, I notice that intel_menlow_memory_remove is an ops
> function pointer inside the acpi_driver structure itself, which is called from
> acpi_device_remove() (and probe) (drivers/acpi/bus.c). This already verifies
> acpi_driver is not NULL and can't get acpi_driver if acpi_device is NULL. So
> unless there is some other use case for this callback I'm unaware of (certainly
> possible) it appears to be totally redundant to do this checking here.
> 
> +Rafael - is there a best practices for these acpi callbacks with respect to
> input validation?

No best practices I'm aware of, but if the core does this checks anyway before
calling this, they are clearly not necessary here.

Thanks,
Rafael

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ