| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jul 2019 17:20:21 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: jon.maloy@...csson.com, ying.xue@...driver.com, davem@...emloft.net
Cc: netdev@...r.kernel.org, tipc-discussion@...ts.sourceforge.net,
linux-kernel@...r.kernel.org, Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH] net: tipc: Fix a possible null-pointer dereference in tipc_publ_purge()
In tipc_publ_purge(), there is an if statement on 215 to
check whether p is NULL:
if (p)
When p is NULL, it is used on line 226:
kfree_rcu(p, rcu);
Thus, a possible null-pointer dereference may occur.
To fix this bug, p is checked before being used.
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
net/tipc/name_distr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c
index 44abc8e9c990..241ed2274473 100644
--- a/net/tipc/name_distr.c
+++ b/net/tipc/name_distr.c
@@ -223,7 +223,8 @@ static void tipc_publ_purge(struct net *net, struct publication *publ, u32 addr)
publ->key);
}
- kfree_rcu(p, rcu);
+ if (p)
+ kfree_rcu(p, rcu);
}
/**
--
2.17.0
Powered by blists - more mailing lists