| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190724090426.1401-1-baijiaju1990@gmail.com>
Date: Wed, 24 Jul 2019 17:04:26 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: sudipm.mukherjee@...il.com, arnd@...db.de,
gregkh@...uxfoundation.org
Cc: linux-kernel@...r.kernel.org, Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH] char: ppdev: Fix a possible null-pointer dereference in pp_release()
In pp_release(), there is an if statement on line 730 to check whether
pp->pdev is NULL:
else if ((pp->flags & PP_CLAIMED) && pp->pdev && ...)
When pp->pdev is NULL, it is used on line 743:
info = &pp->pdev->port->ieee1284;
and on line 748:
parport_release(pp->pdev);
Thus, a possible null-pointer dereference may occur.
To fix this bug, pp->pdev is checked on line 740.
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
drivers/char/ppdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
index f0a8adca1eee..c86f18aa8985 100644
--- a/drivers/char/ppdev.c
+++ b/drivers/char/ppdev.c
@@ -737,7 +737,7 @@ static int pp_release(struct inode *inode, struct file *file)
"negotiated back to compatibility mode because user-space forgot\n");
}
- if (pp->flags & PP_CLAIMED) {
+ if ((pp->flags & PP_CLAIMED) && pp->pdev) {
struct ieee1284_info *info;
info = &pp->pdev->port->ieee1284;
--
2.17.0
Powered by blists - more mailing lists