| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 May 2019 23:26:20 -0400 (EDT) From: Nicolas Pitre <nico@...xnic.net> To: Gen Zhang <blackgod016574@...il.com> cc: linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] vt: Fix a missing-check bug in drivers/tty/vt/vt.c On Tue, 21 May 2019, Gen Zhang wrote: > On Mon, May 20, 2019 at 10:55:40PM -0400, Nicolas Pitre wrote: > > On Tue, 21 May 2019, Gen Zhang wrote: > > > > > In function con_init(), the pointer variable vc_cons[currcons].d, vc and > > > vc->vc_screenbuf is allocated a memory space via kzalloc(). And they are > > > used in the following codes. > > > However, when there is a memory allocation error, kzalloc() can fail. > > > Thus null pointer (vc_cons[currcons].d, vc and vc->vc_screenbuf) > > > dereference may happen. And it will cause the kernel to crash. Therefore, > > > we should check return value and handle the error. > > > Further,the loop condition MIN_NR_CONSOLES is defined as 1 in > > > include/uapi/linux/vt.h. So there is no need to unwind the loop. > > > > But what if someone changes that define? It won't be obvious that some > > code did rely on it to be defined to 1. > I re-examine the source code. MIN_NR_CONSOLES is only defined once and > no other changes to it. Yes, that is true today. But if someone changes that in the future, how will that person know that you relied on it to be 1 for not needing to unwind the loop? Nicolas
Powered by blists - more mailing lists