lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 21 Jun 2017 22:41:07 +0100
From:   Michael D <michael.j.dilmore@...il.com>
To:     David Miller <davem@...emloft.net>
Cc:     Jay Vosburgh <jay.vosburgh@...onical.com>,
        Veaceslav Falico <vfalico@...il.com>,
        Andy Gospodarek <andy@...yhouse.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, Joe Perches <joe@...ches.com>
Subject: Re: [PATCH] Convert BUG_ON to WARN_ON in bond_options.c

I don't think you can stop it being dereferenced... you just need to
prevent an attacker from exploiting the null pointer dereference
vulnerability right? And this is done by returning the function right
away?





On 21 June 2017 at 22:36, David Miller <davem@...emloft.net> wrote:
> From: Michael D <michael.j.dilmore@...il.com>
> Date: Wed, 21 Jun 2017 22:35:56 +0100
>
>> How do we actually stop a null pointer being dereferenced here?
>
> Maybe that's why it's a BUG_ON(), there is no reasonable way
> to continue if the pointer is NULL.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ