lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <57513FF3.6050608@samsung.com>
Date:	Fri, 03 Jun 2016 10:29:39 +0200
From:	Krzysztof Opasiak <k.opasiak@...sung.com>
To:	Sudip Mukherjee <sudipm.mukherjee@...il.com>,
	Valentina Manea <valentina.manea.m@...il.com>,
	Shuah Khan <shuah.kh@...sung.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org
Subject: Re: [PATCH] usb: usbip: fix null pointer dereference



On 06/02/2016 03:22 PM, Sudip Mukherjee wrote:
> We have been dereferencing udc before checking it. Lets use it after it
> has been checked.
> 

To be honest I have mixed feelings about this patch.

On one hand it prevents us from dereferencing potential NULL ptr what is
generally good. But on the other hand it seems to be a little bit
pointless overhead. This function is called only in one place, it's
internal function of vudc driver and in addition generally it is
currently impossible that this function will get NULL ptr as parameter
as it's value is taken from container_of(). Not to mention that if this
is NULL or garbage we will end up in NULL ptr dereference much earlier
before calling this function.

So if there is something that you would like to fix with this patch and
you have a real problem with this function could you please provide us
some more details (for example stack trace)? If this patch is just to
prevent us from something that will never happen then I would rather to
not submit this. In my opinion if we get a NULL in this function this
means that we have some serious problem in UDC core and this check will
just mask this error.

Best regards,
-- 
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ