lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Jul 2017 06:46:18 +0200 From: Peter Rosin <peda@...ntia.se> To: "Gustavo A. R. Silva" <garsilva@...eddedor.com> Cc: Jonathan Cameron <jic23@...nel.org>, Hartmut Knaack <knaack.h@....de>, Lars-Peter Clausen <lars@...afoo.de>, Peter Meerwald-Stadler <pmeerw@...erw.net>, linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] iio: multiplexer: add NULL check on devm_kzalloc() return value On 2017-07-07 06:35, Gustavo A. R. Silva wrote: > Hi Peter, > > Quoting Peter Rosin <peda@...ntia.se>: > >> On 2017-07-07 00:08, Gustavo A. R. Silva wrote: >>> Check return value from call to devm_kzalloc() >>> in order to prevent a NULL pointer dereference. >> >> Right, thanks for finding that one! There's another one inside the >> for loop that is just starting in the context of this patch. Care >> to fix checking the return value of that devm_kmemdup as well? >> > > Sure, I'll send a new patch shortly. > >> And someone should perhaps teach Coccinelle about devm_kmemdup... >> > > Good catch, I just implemented that script. > >>> This issue was detected using Coccinelle and the following semantic patch: >>> >>> @@ >>> expression x; >>> identifier fld; >>> @@ >>> >>> * x = devm_kzalloc(...); >>> ... when != x == NULL >>> x->fld >>> >>> >> >> One of these blank lines should perhaps be a "Fixes:" tag? >> > > mmm, I don't get this... If you add a Fixes-tag, like below, you help the stable kernel maintainers decide what to look at. In this case it might be overkill since the thing you fix is so fresh and does not apply to any old kernel. But I think it is a good habit... Fixes: 7ba9df54b091 ("iio: multiplexer: new iio category and iio-mux driver") (and it is a bit unusual to see two blank lines before the SoB-tag) Sorry for not spelling it out the first time. Cheers, peda
Powered by blists - more mailing lists