| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190724034926.28755-1-baijiaju1990@gmail.com>
Date: Wed, 24 Jul 2019 11:49:26 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: philipp.reisner@...bit.com, lars.ellenberg@...bit.com,
axboe@...nel.dk
Cc: drbd-dev@...ts.linbit.com, linux-block@...r.kernel.org,
linux-kernel@...r.kernel.org, Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH 2/2] block: drbd: Fix a possible null-pointer dereference in is_valid_state()
In is_valid_state(), there is an if statement on line 839 to check
whether nc is NULL:
if (nc)
When nc is NULL, it is used on line 880:
(nc->verify_alg[0] == 0)
Thus, a possible null-pointer dereference may occur.
To fix this bug, nc is also checked on line 880.
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
drivers/block/drbd/drbd_state.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/block/drbd/drbd_state.c b/drivers/block/drbd/drbd_state.c
index eeaa3b49b264..3cf477e9cf6a 100644
--- a/drivers/block/drbd/drbd_state.c
+++ b/drivers/block/drbd/drbd_state.c
@@ -877,7 +877,7 @@ is_valid_state(struct drbd_device *device, union drbd_state ns)
rv = SS_CONNECTED_OUTDATES;
else if ((ns.conn == C_VERIFY_S || ns.conn == C_VERIFY_T) &&
- (nc->verify_alg[0] == 0))
+ (nc && nc->verify_alg[0] == 0))
rv = SS_NO_VERIFY_ALG;
else if ((ns.conn == C_VERIFY_S || ns.conn == C_VERIFY_T) &&
--
2.17.0
Powered by blists - more mailing lists