lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20200427173202.49626-1-her0gyugyu@gmail.com>
Date:   Mon, 27 Apr 2020 10:32:02 -0700
From:   youngjun <her0gyugyu@...il.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Tejun Heo <tj@...nel.org>, linux-kernel@...r.kernel.org,
        youngjun <her0gyugyu@...il.com>
Subject: [PATCH] kernfs: fix possibility of NULL pointer dereference. (mount.c)

mount.c also uses "kernfs_dentry_node".
When dentry is negative, "kernfs_dentry_node" returns NULL.
In this case, "kernfs_root" dereferences NULL pointer.

Signed-off-by: youngjun <her0gyugyu@...il.com>
---
 fs/kernfs/mount.c | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/fs/kernfs/mount.c b/fs/kernfs/mount.c
index 9dc7e7a64e10..cd49cb936681 100644
--- a/fs/kernfs/mount.c
+++ b/fs/kernfs/mount.c
@@ -23,19 +23,33 @@ struct kmem_cache *kernfs_node_cache, *kernfs_iattrs_cache;
 
 static int kernfs_sop_show_options(struct seq_file *sf, struct dentry *dentry)
 {
-	struct kernfs_root *root = kernfs_root(kernfs_dentry_node(dentry));
-	struct kernfs_syscall_ops *scops = root->syscall_ops;
+	struct kernfs_node *node = kernfs_dentry_node(dentry);
+	struct kernfs_root *root;
+	struct kernfs_syscall_ops *scops;
+
+	if (node) {
+		root = kernfs_root(node);
+		scops = root->syscall_ops;
+	} else
+		return 0;
 
 	if (scops && scops->show_options)
 		return scops->show_options(sf, root);
+
 	return 0;
 }
 
 static int kernfs_sop_show_path(struct seq_file *sf, struct dentry *dentry)
 {
 	struct kernfs_node *node = kernfs_dentry_node(dentry);
-	struct kernfs_root *root = kernfs_root(node);
-	struct kernfs_syscall_ops *scops = root->syscall_ops;
+	struct kernfs_root *root;
+	struct kernfs_syscall_ops *scops;
+
+	if (node) {
+		root = kernfs_root(node);
+		scops = root->syscall_ops;
+	} else
+		return 0;
 
 	if (scops && scops->show_path)
 		return scops->show_path(sf, node, root);
@@ -138,6 +152,9 @@ static struct dentry *kernfs_get_parent_dentry(struct dentry *child)
 {
 	struct kernfs_node *kn = kernfs_dentry_node(child);
 
+	if (!kn)
+		return NULL;
+
 	return d_obtain_alias(kernfs_get_inode(child->d_sb, kn->parent));
 }
 
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ