| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190727.132959.360971552451713269.davem@davemloft.net>
Date: Sat, 27 Jul 2019 13:29:59 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: baijiaju1990@...il.com
Cc: isdn@...ux-pingi.de, pakki001@....edu, tranmanphong@...il.com,
gregkh@...uxfoundation.org, rfontana@...hat.com,
gustavo@...eddedor.com, tglx@...utronix.de, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] isdn: mISDN: hfcsusb: Fix possible null-pointer
dereferences in start_isoc_chain()
From: Jia-Ju Bai <baijiaju1990@...il.com>
Date: Fri, 26 Jul 2019 16:27:36 +0800
> In start_isoc_chain(), usb_alloc_urb() on line 1392 may fail
> and return NULL. At this time, fifo->iso[i].urb is assigned to NULL.
>
> Then, fifo->iso[i].urb is used at some places, such as:
> LINE 1405: fill_isoc_urb(fifo->iso[i].urb, ...)
> urb->number_of_packets = num_packets;
> urb->transfer_flags = URB_ISO_ASAP;
> urb->actual_length = 0;
> urb->interval = interval;
> LINE 1416: fifo->iso[i].urb->...
> LINE 1419: fifo->iso[i].urb->...
>
> Thus, possible null-pointer dereferences may occur.
>
> To fix these bugs, "continue" is added to avoid using fifo->iso[i].urb
> when it is NULL.
>
> These bugs are found by a static analysis tool STCheck written by us.
>
> Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
Applied.
Powered by blists - more mailing lists