| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170425070602.GA3987@soda.linbit>
Date: Tue, 25 Apr 2017 09:06:02 +0200
From: Lars Ellenberg <lars.ellenberg@...bit.com>
To: Heloise <os@...as.ac.cn>
Cc: philipp.reisner@...bit.com, drbd-dev@...ts.linbit.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drivers:block:drbd:drbd_state:fix null-pointer
dereference
On Mon, Apr 24, 2017 at 11:35:18PM -0700, Heloise wrote:
> Signed-off-by: Heloise <os@...as.ac.cn>
>
> In is_valid_state(), there is NULL validation for the variable nc
> "if (nc)". However,the code will continue to execute when nc is NULL.
> nc->verify_alg[0] is used in subsequent code, which may cause
> null-pointer dereference, fix it.
> ---
> drivers/block/drbd/drbd_state.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/block/drbd/drbd_state.c b/drivers/block/drbd/drbd_state.c
> index eea0c4a..1963b83 100644
> --- a/drivers/block/drbd/drbd_state.c
> +++ b/drivers/block/drbd/drbd_state.c
> @@ -845,7 +845,7 @@ is_valid_state(struct drbd_device *device, union drbd_state ns)
> rv = SS_CONNECTED_OUTDATES;
>
> else if ((ns.conn == C_VERIFY_S || ns.conn == C_VERIFY_T) &&
> - (nc->verify_alg[0] == 0))
> + (nc != NULL && nc->verify_alg[0] == 0))
What the static checker cannot know:
ns.conn != C_STANDALONE implies nc != NULL.
But if you feel like it, the additional check won't hurt.
Thanks,
Lars
Powered by blists - more mailing lists