Message-Id: <20160607161322.30901-1-jslaby@suse.cz>
Date:	Tue,  7 Jun 2016 18:13:22 +0200
From:	Jiri Slaby <jslaby@...e.cz>
To:	giometti@...eenne.com
Cc:	linux-kernel@...r.kernel.org, Jiri Slaby <jslaby@...e.cz>
Subject: [PATCH] pps: do not crash when failed to register

With this command sequence:
 modprobe plip
 modprobe pps_parport
 rmmod pps_parport
the pps_parport module causes this crash:

===

BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffffa110301d>] parport_detach+0x1d/0x60 [pps_parport]
Oops: 0000 [#1] SMP
...
Call Trace:
 [<ffffffffa036a185>] parport_unregister_driver+0x65/0xc0 [parport]
 [<ffffffff810ff667>] SyS_delete_module+0x187/0x210

===

1) plip is loaded and takes the parport device for exclusive use:
  plip0: Parallel port at 0x378, using IRQ 7.

2) pps_parport then fails to grab the device:
  pps_parport: parallel port PPS client
  parport0: cannot grant exclusive access for device pps_parport
  pps_parport: couldn't register with parport0

3) rmmod of pps_parport is then killed because it tries to access
   pardev->name, but pardev (taken from port->cad) is NULL.

So add a check for NULL in the test there too.

Signed-off-by: Jiri Slaby <jslaby@...e.cz>
Cc: Rodolfo Giometti <giometti@...eenne.com>
---
 drivers/pps/clients/pps_parport.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c
index 38a8bbe74810..83797d89c30f 100644
--- a/drivers/pps/clients/pps_parport.c
+++ b/drivers/pps/clients/pps_parport.c
@@ -195,7 +195,7 @@ static void parport_detach(struct parport *port)
 	struct pps_client_pp *device;
 
 	/* FIXME: oooh, this is ugly! */
-	if (strcmp(pardev->name, KBUILD_MODNAME))
+	if (!pardev || strcmp(pardev->name, KBUILD_MODNAME))
 		/* not our port */
 		return;
 
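Review bot: the new `!pardev ||` test at the top of parport_detach() stops the oops, but the function still decides whether the port is its own by comparing `pardev->name` with KBUILD_MODNAME, which the retained FIXME already calls out. Per the commit message, pardev comes from port->cad and is NULL here because registration failed, so the driver is inferring its own attach state from a field it does not own. Recording at attach time which port was actually registered, and checking that record here, would remove both the NULL case and the name comparison. If the minimal fix is preferred, a one-line comment on the check saying that NULL means pps_parport never registered on this port would make the intent clear.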
-- 
2.8.3
