lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 18 Jun 2019 17:38:49 -0500
From:   Tyler Hicks <tyhicks@...onical.com>
To:     Jani Nikula <jani.nikula@...ux.intel.com>
Cc:     Gen Zhang <blackgod016574@...il.com>, sean@...rly.run,
        linux-kernel@...r.kernel.org, dri-devel@...ts.freedesktop.org
Subject: Re: [PATCH] drm_edid-load: Fix a missing-check bug in
 drivers/gpu/drm/drm_edid_load.c

On 2019-05-22 17:55:35, Jani Nikula wrote:
> On Wed, 22 May 2019, Gen Zhang <blackgod016574@...il.com> wrote:
> > In drm_load_edid_firmware(), fwstr is allocated by kstrdup(). And fwstr
> > is dereferenced in the following codes. However, memory allocation 
> > functions such as kstrdup() may fail and returns NULL. Dereferencing 
> > this null pointer may cause the kernel go wrong. Thus we should check 
> > this kstrdup() operation.
> > Further, if kstrdup() returns NULL, we should return ERR_PTR(-ENOMEM) to
> > the caller site.
> 
> strsep() handles the NULL pointer just fine, so there won't be a NULL
> dereference. However this patch seems like the right thing to do anyway.

I came across this thread while triaging CVE-2019-12382. I agree that
the code before was fine but more complex than necessary. There's no
real security impact here since a NULL pointer dereference was not
possible. I've requested that MITRE reject CVE-2019-12382.

This change is a nice improvement, though.

Tyler

> 
> Reviewed-by: Jani Nikula <jani.nikula@...el.com>
> 
> >
> > Signed-off-by: Gen Zhang <blackgod016574@...il.com>
> >
> > ---
> > diff --git a/drivers/gpu/drm/drm_edid_load.c b/drivers/gpu/drm/drm_edid_load.c
> > index a491509..a0e107a 100644
> > --- a/drivers/gpu/drm/drm_edid_load.c
> > +++ b/drivers/gpu/drm/drm_edid_load.c
> > @@ -290,6 +290,8 @@ struct edid *drm_load_edid_firmware(struct drm_connector *connector)
> >  	 * the last one found one as a fallback.
> >  	 */
> >  	fwstr = kstrdup(edid_firmware, GFP_KERNEL);
> > +	if (!fwstr)
> > +		return ERR_PTR(-ENOMEM);
> >  	edidstr = fwstr;
> >  
> >  	while ((edidname = strsep(&edidstr, ","))) {
> > ---
> > _______________________________________________
> > dri-devel mailing list
> > dri-devel@...ts.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/dri-devel
> 
> -- 
> Jani Nikula, Intel Open Source Graphics Center

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ