| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Mar 2020 10:16:50 +0100
From: Arnd Bergmann <arnd@...db.de>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Xiyu Yang <xiyuyang19@...an.edu.cn>,
Alexios Zavras <alexios.zavras@...el.com>,
Allison Randal <allison@...utok.net>,
Adit Ranadive <aditr@...are.com>,
Jorgen Hansen <jhansen@...are.com>,
Thomas Gleixner <tglx@...utronix.de>,
Vishnu DASA <vdasa@...are.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
yuanxzhang@...an.edu.cn, kjlu@....edu,
Xin Tan <tanxin.ctf@...il.com>
Subject: Re: [PATCH v2] VMCI: Fix NULL pointer dereference on context ptr
On Mon, Mar 23, 2020 at 9:52 AM Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
>
> On Mon, Mar 23, 2020 at 04:22:33PM +0800, Xiyu Yang wrote:
> > A NULL vmci_ctx object may pass to vmci_ctx_put() from its callers.
>
> Are you sure this can happen?
>
> > Add a NULL check to prevent NULL pointer dereference.
It looks like this could happen if vmci_ctx_get() returns NULL, which is
not checked for consistently. Maybe add better error handling to the
callers that currently don't check for that, to catch problems such as
void vmci_ctx_rcv_notifications_release(...)
{
struct vmci_ctx *context = vmci_ctx_get(context_id); /* may be NULL */
...
context->pending_doorbell_array = db_handle_array;
...
vmci_ctx_put(context);
}
Checking only in vmci_ctx_put() is too late.
Arnd
Powered by blists - more mailing lists