| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Jul 2019 08:56:53 +0200
From: Jiri Pirko <jiri@...nulli.us>
To: Jia-Ju Bai <baijiaju1990@...il.com>
Cc: jhs@...atatu.com, xiyou.wangcong@...il.com, davem@...emloft.net,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: sched: Fix a possible null-pointer dereference in
dequeue_func()
Mon, Jul 29, 2019 at 04:21:57AM CEST, baijiaju1990@...il.com wrote:
>In dequeue_func(), there is an if statement on line 74 to check whether
>skb is NULL:
> if (skb)
>
>When skb is NULL, it is used on line 77:
> prefetch(&skb->end);
>
>Thus, a possible null-pointer dereference may occur.
>
>To fix this bug, skb->end is used when skb is not NULL.
>
>This bug is found by a static analysis tool STCheck written by us.
>
>Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
Fixes tag, please?
>---
> net/sched/sch_codel.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
>diff --git a/net/sched/sch_codel.c b/net/sched/sch_codel.c
>index 25ef172c23df..30169b3adbbb 100644
>--- a/net/sched/sch_codel.c
>+++ b/net/sched/sch_codel.c
>@@ -71,10 +71,10 @@ static struct sk_buff *dequeue_func(struct codel_vars *vars, void *ctx)
> struct Qdisc *sch = ctx;
> struct sk_buff *skb = __qdisc_dequeue_head(&sch->q);
>
>- if (skb)
>+ if (skb) {
> sch->qstats.backlog -= qdisc_pkt_len(skb);
>-
>- prefetch(&skb->end); /* we'll need skb_shinfo() */
>+ prefetch(&skb->end); /* we'll need skb_shinfo() */
>+ }
> return skb;
> }
>
>--
>2.17.0
>
Powered by blists - more mailing lists