| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Apr 2016 11:07:45 +0100
From: Sudip Mukherjee <sudipm.mukherjee@...il.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org,
Sudip Mukherjee <sudipm.mukherjee@...il.com>
Subject: [PATCH] proc: fix dereference of ERR_PTR
On the unlikely event of a bad name, d_hash_and_lookup() can return the
error value in ERR_PTR(). And we were only checking the return value of
d_hash_and_lookup() to be NULL. In case it is not NULL and has some
error then d_inode() will try to dereference it later.
Signed-off-by: Sudip Mukherjee <sudip.mukherjee@...ethink.co.uk>
---
fs/proc/base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index b1755b2..a71df53 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1818,7 +1818,7 @@ bool proc_fill_cache(struct file *file, struct dir_context *ctx,
ino_t ino;
child = d_hash_and_lookup(dir, &qname);
- if (!child) {
+ if (IS_ERR_OR_NULL(child)) {
child = d_alloc(dir, &qname);
if (!child)
goto end_instantiate;
--
2.1.4
Powered by blists - more mailing lists