lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20191226204205.qzfcmohulcfbcl4e@960>
Date:   Thu, 26 Dec 2019 15:42:05 -0500
From:   Ayman Bagabas <ayman.bagabas@...il.com>
To:     Darren Hart <dvhart@...radead.org>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Mattias Jacobsson <2pi@....nu>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        kbuild test robot <lkp@...el.com>,
        platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] platform/x86: huawei-wmi: Fix a possible NULL deref

Please ignore this patch I'll be sending another one. guid->guid_string
is always true.

On 19/12/25 06:58PM, Ayman Bagabas wrote:
> We're iterating over a NULL terminated array.
>
> Fixes: 1ac9abeb2e5b ("platform/x86: huawei-wmi: Move to platform driver")
> Signed-off-by: Ayman Bagabas <ayman.bagabas@...il.com>
> ---
>  drivers/platform/x86/huawei-wmi.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/platform/x86/huawei-wmi.c b/drivers/platform/x86/huawei-wmi.c
> index a2d846c4a7ee..42d461eeeff4 100644
> --- a/drivers/platform/x86/huawei-wmi.c
> +++ b/drivers/platform/x86/huawei-wmi.c
> @@ -784,13 +784,13 @@ static const struct wmi_device_id huawei_wmi_events_id_table[] = {
>  static int huawei_wmi_probe(struct platform_device *pdev)
>  {
>  	const struct wmi_device_id *guid = huawei_wmi_events_id_table;
> +	struct input_dev *idev = *huawei_wmi->idev;
>  	int err;
>
>  	platform_set_drvdata(pdev, huawei_wmi);
>  	huawei_wmi->dev = &pdev->dev;
>
> -	while (*guid->guid_string) {
> -		struct input_dev *idev = *huawei_wmi->idev;
> +	while (guid->guid_string) {
>
>  		if (wmi_has_guid(guid->guid_string)) {
>  			err = huawei_wmi_input_setup(&pdev->dev, guid->guid_string, &idev);
> @@ -820,7 +820,7 @@ static int huawei_wmi_remove(struct platform_device *pdev)
>  {
>  	const struct wmi_device_id *guid = huawei_wmi_events_id_table;
>
> -	while (*guid->guid_string) {
> +	while (guid->guid_string) {
>  		if (wmi_has_guid(guid->guid_string))
>  			huawei_wmi_input_exit(&pdev->dev, guid->guid_string);
>
>
> base-commit: 46cf053efec6a3a5f343fead837777efe8252a46
> --
> 2.24.1
>

--
Thank you,
Ayman

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ