Message-Id: <1489567684-22763-1-git-send-email-me@tobin.cc>
Date:   Wed, 15 Mar 2017 19:48:02 +1100
From:   "Tobin C. Harding" <me@...in.cc>
To:     Ulf Hansson <ulf.hansson@...aro.org>
Cc:     "Tobin C. Harding" <me@...in.cc>,
        Shawn Lin <shawn.lin@...k-chips.com>,
        Linus Walleij <linus.walleij@...aro.org>,
        linux-mmc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 0/2] mmc: core: null pointer dereference bug

Various functions take as parameter an optional pointer. Pointer
should be guarded with non-NULL check before dereferencing.

While fixing this bug it was found that the file contains multiple
functions doing variations on the same thing, sdio_readb(),
sdio_writeb(), sdio_readw(), sdio_writew() etc. Although the functions
have very similar logic the code is laid out in a variety of
ways. This makes it overly complicated to read. There is already a
nice clean chunk of code, if we use this format for all instances then
we will have cleaned up the code, reduced the line count and lessened
the cognitive load required while reading.

Patch 01 adds non-NULL check before dereference of pointer.

Patch 02 cleans up the return code to be simple and uniform.

Code has not been tested. sdio_io.c with patches applied has been
checked with checkpatch, Sparse, and Smatch. Each patch has been
applied and built on x86_64 and PowerPC.

Tobin C. Harding (2):
  mmc: core: guard dereference of optional parameter
  mmc: core: simplify return code

 drivers/mmc/core/sdio_io.c | 54 ++++++++++++++++++----------------------------
 1 file changed, 21 insertions(+), 33 deletions(-)

-- 
2.7.4
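
The bug class and the uniform accessor shape described in the message above, as an added user-space example; it is not code from the patch series or from sdio_io.c. The names demo_dev, demo_xfer, demo_readb_unguarded, demo_readb and demo_writeb, the err_ret parameter name and the 0xFF failure value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

struct demo_dev { uint8_t regs[16]; };   /* constructed stand-in: 16 byte registers */
/* Hypothetical transfer helper: 0 on success, negative errno on failure. */
static int demo_xfer(struct demo_dev *dev, int write, unsigned addr, uint8_t *byte)
{
	if (addr >= sizeof(dev->regs))
		return -ERANGE;
	if (write)
		dev->regs[addr] = *byte;
	else
		*byte = dev->regs[addr];
	return 0;
}

uint8_t demo_readb_unguarded(struct demo_dev *dev, unsigned addr, int *err_ret)
{
	uint8_t val = 0xFF;
	*err_ret = demo_xfer(dev, 0, addr, &val);   /* before: faults if err_ret == NULL */
	return *err_ret ? 0xFF : val;
}

/* After: every accessor is transfer, guarded store, return. */
uint8_t demo_readb(struct demo_dev *dev, unsigned addr, int *err_ret)
{
	uint8_t val = 0xFF;
	int ret = demo_xfer(dev, 0, addr, &val);
	if (err_ret)
		*err_ret = ret;
	return ret ? 0xFF : val;
}

void demo_writeb(struct demo_dev *dev, uint8_t b, unsigned addr, int *err_ret)
{
	int ret = demo_xfer(dev, 1, addr, &b);
	if (err_ret)
		*err_ret = ret;
}

int main(void)
{
	struct demo_dev d = { {0} };
	int err = 0;
	demo_writeb(&d, 0x5a, 3, NULL);   /* status not wanted: NULL is legal */
	uint8_t ok = demo_readb(&d, 3, NULL), bad = demo_readb(&d, 99, &err);
	return printf("ok=0x%02x bad=0x%02x err=%d\n", ok, bad, err) < 0;
}
```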
