| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <lsq.1510009382.825770359@decadent.org.uk>
Date: Mon, 06 Nov 2017 23:03:02 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC: akpm@...ux-foundation.org,
"Dan Carpenter" <dan.carpenter@...cle.com>,
"Ilya Dryomov" <idryomov@...il.com>
Subject: [PATCH 3.16 022/294] libceph: potential NULL dereference in
ceph_msg_data_create()
3.16.50-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@...cle.com>
commit 7c40b22f6f84c98a1d36e6d0a4346e58f05e45d8 upstream.
If kmem_cache_zalloc() returns NULL then the INIT_LIST_HEAD(&data->links);
will Oops. The callers aren't really prepared for NULL returns so it
doesn't make a lot of difference in real life.
Fixes: 5240d9f95dfe ("libceph: replace message data pointer with list")
Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
Signed-off-by: Ilya Dryomov <idryomov@...il.com>
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
net/ceph/messenger.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -3075,8 +3075,10 @@ static struct ceph_msg_data *ceph_msg_da
return NULL;
data = kmem_cache_zalloc(ceph_msg_data_cache, GFP_NOFS);
- if (data)
- data->type = type;
+ if (!data)
+ return NULL;
+
+ data->type = type;
INIT_LIST_HEAD(&data->links);
return data;
Powered by blists - more mailing lists